
Offer user to update email address when requiring email verification

Alex Buijs requested to merge offer-email-reset-for-email-verification into master

What does this MR do and why?

When the require_email_verification feature is turned on, users without 2FA enabled are required to verify their email before gaining access to the product after 3 or more failed login attempts or when signing in from an unknown IP address.

Because support got overwhelmed with requests from people who had lost access to the email address they used to sign up with, we now offer users the option to change their email address the first time they are required to verify their email.
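To make the rules in the two paragraphs above concrete, here is a small Ruby model of the policy this MR describes: verification is required for non-2FA users after three failed logins or a sign-in from an unknown IP, the email update is offered only on the first verification, and a change sends the Email Changed notice to the old address and the verification code to the new one. This is an added example, not GitLab's own code; the User struct, VerificationPolicy module, the helper names and the sample addresses are all constructed for illustration.

```ruby
# Added example (not GitLab's code): a model of the require_email_verification
# policy described in the MR. All names and sample data here are assumptions.
require 'set'

FAILED_ATTEMPT_THRESHOLD = 3  # from the MR: "3 or more failed login attempts"

# Minimal stand-in for the user record; hypothetical fields.
User = Struct.new(:email, :two_factor_enabled, :failed_attempts, :known_ips,
                  :email_update_offered, keyword_init: true)

module VerificationPolicy
  # Verification applies only to users without 2FA, and only when the account
  # has seen too many failed logins or the sign-in comes from an IP address
  # not previously seen for that account.
  def self.verification_required?(user, ip:)
    return false if user.two_factor_enabled

    user.failed_attempts >= FAILED_ATTEMPT_THRESHOLD || !user.known_ips.include?(ip)
  end

  # The "Update email" option is shown only on the first verification;
  # after that the user must verify the address on record.
  def self.offer_email_update?(user, ip:)
    verification_required?(user, ip: ip) && !user.email_update_offered
  end
end

# Changing the address during the first verification. Returns where the two
# notifications go: the Email Changed notice to the old address (the owner's
# chance to notice a change they did not make) and the code to the new one.
def change_email_during_verification(user, new_email:, ip:)
  raise 'email update not offered' unless VerificationPolicy.offer_email_update?(user, ip: ip)

  old_email = user.email
  user.email = new_email
  user.email_update_offered = true
  { email_changed_notice_to: old_email, verification_code_to: new_email }
end

# On a correct code: clear the failed-attempt counter and trust the IP.
def complete_verification(user, ip:)
  user.failed_attempts = 0
  user.known_ips << ip
  user
end

if $PROGRAM_NAME == __FILE__
  # Constructed walk-through of steps 3 to 11 of the validation procedure.
  user = User.new(email: 'old@example.test', two_factor_enabled: false,
                  failed_attempts: 3, known_ips: Set.new, email_update_offered: false)
  ip = '203.0.113.5'
  puts "offer update: #{VerificationPolicy.offer_email_update?(user, ip: ip)}"
  puts change_email_during_verification(user, new_email: 'new@example.test', ip: ip).inspect
  complete_verification(user, ip: ip)
  user.failed_attempts = 3 # three more wrong passwords
  puts "offer update again: #{VerificationPolicy.offer_email_update?(user, ip: ip)}"
end
```

The second `offer_email_update?` call in the walk-through is the check behind step 11: verification is required again, but the update option stays hidden. The returned `email_changed_notice_to` value is what a reviewer should confirm lands on the old address, since that notice is what lets the real owner detect an address change made with a correct password from an unfamiliar location.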

Issue: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/413

Screenshots or screen recordings

[Screen recording attached: Screen_Recording_2023-07-27_at_10.58.24]

How to set up and validate locally

  1. Enable the feature flag in the Rails console:
    Feature.enable(:require_email_verification)
  2. Sign out
  3. Sign in 3 times with a wrong password
  4. Sign in with your correct password
  5. Click Update email
  6. Submit another email address
  7. Open http://localhost:3000/rails/letter_opener/ and verify you received 2 emails:
    • the Email Changed notification on your old address
    • the Verify your identity email on your new address
  8. Copy the code from the verification email
  9. Submit the code in the verification form
  10. Verify you signed in successfully and the email address has been changed
  11. Repeat steps 2-4 and verify the Update email button isn't being shown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ravi Kumar
