Add increasing wait time between phone verification code sends

What does this MR do and why?

Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/539+

Add increasing wait time between subsequent phone number verification code SMS sends after the first one.

Why?

See https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/539.

Database changes

• sms_sent_at (smallint) and sms_send_count (datetime_with_timezone) columns are added to users_phone_number_validations table
• No new or modified queries

Screenshots or screen recordings

SMS send number
1	Screen_Recording_2023-11-28_at_5.37.11_PM
2	Screen_Recording_2023-11-28_at_5.38.43_PM
3	Screen_Recording_2023-11-28_at_5.41.42_PM
4	Screen_Recording_2023-11-28_at_5.46.48_PM
5 (rate limited)	Screen_Recording_2023-11-28_at_5.56.53_PM

How to set up and validate locally

1. Enable the relevant feature flags

   > Feature.enable(:arkose_labs_signup_challenge)
   > Feature.enable(:identity_verification_phone_number)
   > Feature.enable(:identity_verification)
   > Feature.enable(:sms_send_wait_time)

2. Configure application settings for Identity Verification

   > ApplicationSetting.first.update(email_confirmation_setting: 'hard')
   > ApplicationSetting.first.update(arkose_labs_public_api_key: "XXX", arkose_labs_private_api_key: "YYY", require_admin_approval_after_user_signup: false)
   > ApplicationSetting.first.update(telesign_customer_xid: 'XXX', telesign_api_key: 'YYY')

   Note: credentials are in 1Password under Telesign API keys (Development) and ArkoseLabs API keys (Development)

3. Register a new user

4. Force user to have medium risk

   > User.last.custom_attributes.by_key('arkose_risk_band').first.update!(value: 'Medium')

5. Verify the user's email

   > User.last.update(confirmed_at: Time.zone.now)

6. On the phone verification step, send a code to a valid phone number

7. Verify that resend links and buttons are disabled and displays a 1 minute wait time

8. Wait for the wait time to expire then send another code

9. Verify that resend links and buttons are disabled and displays the appropriate wait time (3 minutes, 5 minutes, 10 minutes, rate limited). See the demo videos above.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

app/models/users/phone_number_validation.rb

@@ -4,7 +4,9 @@ module Users
   class PhoneNumberValidation < ApplicationRecord
     include IgnorableColumns
 
-    SMS_SEND_DELAYS = [1.minute, 3.minutes, 5.minutes].freeze
+    # Subsequent SMS send attempts will be delayed by 1min, 3min, 5min up to a
+    # maximum of 10 mins
+    SMS_SEND_DELAYS = [1.minute, 3.minutes, 5.minutes, 10.minutes].freeze
 
     self.primary_key = :user_id
     self.table_name = 'user_phone_number_validations'