Add controllers and frontend for DPoP

What does this MR do and why?

This MR adds the controller and frontend code for Add DPoP checks in GraphQL and API requests (!169013 - merged).

Related to Sender constraining personal access tokens (#425130).

References

See the epic (Allow users to require demonstrated proof of po... (&14383)) for context, pre-work, and other related issues.

Screenshots or screen recordings

When dpop_authentication FF is disabled:

When :dpop_authentication FF is enabled:

How to set up and validate locally

1. Checkout this branch locally.
2. Run bin/rails db:migrate
3. In rails console, enable the feature flag: Feature.enable(:dpop_authentication, User.first)
4. Login as root.
5. Go to Settings > Access tokens > Toggle the DPoP option.
6. Confirm it persists in the database User.first.dpop_enabled and also on the frontend after refreshing the page.