Put groups_direct field in CI JWT tokens behind feature flag

What does this MR do and why?

This backports !161075 (merged) to 17-1-stable-ee.

In GitLab 16.11 !146881 (merged) introduced the groups_direct fields for CI JWT tokens used in the Vault integration. However, since JWT tokens are often sent in the Authorization HTTP header, the addition of the groups_direct field can cause the header to exceed the maximum allowed header size of Web/proxy servers.

To avoid this issue, put this groups_direct field behind a ci_jwt_groups_direct feature flag while we figure out the best way to handle this.

Relates to #467253 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
• The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
• This MR has a severity label assigned (if applicable).
• Set the milestone of the merge request to match the target backport branch version.
• This MR has been approved by a maintainer (only one approval is required).
• Ensure the e2e:package-and-test-ee job has either succeeded or been approved by a Software Engineer in Test.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

• Refer to the patch release runbook for engineers and maintainers for guidance.
• Ask questions on the #releases Slack channel (internal only).