Adds ticket confidentiality setting to Service Desk settings page

What does this MR do and why?

Contributes to Customize Service Desk issue confidentiality (#33091)

❗ This feature is hidden behind the feature flag 🎏 service_desk_tickets_confidentiality.

We received feedback that the first action agents perform on a Service Desk ticket is to mark it as non-confidential. We already added the DB field and logic in Select default Service Desk ticket visibility (!150025 - merged). We also added the tickets_confidential_by_default field to ServiceDeskController and ServiceDeskSettings::UpdateService. It also pushes the feature flag to the frontend on the project settings page.

This MR adds the checkbox New tickets are confidential by default to the Service Desk section on the global settings page. The checkbox is disabled if the project is public and the value is always set to checked. For private projects the checkbox is enabled. Depending on the state of the checkbox and project visibility the help text changes accordingly, so users know exactly the consequence of the setting.

Additionally, it adds two headlines to better group settings.

Planned MRs for this feature

1. ✔ Add DB field and logic
2. ✔ Add field to API controller
3. 🎯 Add field to frontend Service Desk settings

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before

After

For a public project

For a private project

Checkbox checked (default)

Checkbox unchecked

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

1. If you haven't set up incoming_email or service_desk_email for email ingestion, please add this to your gitlab.yml file in the development: section. Please restart GDK with gdk restart:

   incoming_email:
     enabled: true
     address: "incoming+%{key}@example.com"

   This will allow you to see the Service Desk section in the settings and generate project-specific email addresses. You won't be able to ingest real emails, but we don't need that here.
2. Select a project (where you can change visibility) or create a new one.
3. Navigate to the general settings page and expand the Service Desk section (e.g. http://127.0.0.1:3000/Commit451/lab-coat/edit). You should see no Ticket visibility section.
4. Enable the feature flag for this project and set the visibility to public (you can also check this in a different order depending on the current visibility)

   project = Project.find(5)
   Feature.enable(:service_desk_tickets_confidentiality, project)

5. Reload the general settings page and you should see the Ticket visibility headline and the New tickets are confidential by default checkbox. If the project is public, the checkbox should be disabled and checked with the corresponding help text.
6. Now change the project visibility to private.
7. Reload the general settings page. The checkbox should be enabled and checked (by default). The corresponding help text should be visible.
8. Now deselect the checkbox. The help text should change.
9. Open the developer tools and select the network tab.
10. Select Save changes.
11. You should see a request to the /service-desk endpoint and the payload should contain tickets_confidential_by_default: false. The response should contain the same field with the same value.
12. If you reload the page the checkbox should remain unchecked.
13. If you don't use Service Desk in your project you can just leave the settings and feature flag state as is. Feel free to roll back he changes.