Add worker to periodically sync LDAP users Duo seats

Resolves Add cron schedule option for LdapAddOnSeatSyncW... (#542402 - closed).

What does this MR do and why?

Adds a cron schedule option for LdapAddOnSeatSyncWorker to enable automated Duo seat sync independent of user sign-ins.

Currently, LDAP Duo seat sync only triggers on user sign-in, which doesn't work with SSO environments. This creates manual overhead for administrators.

This MR adds LdapAllAddOnSeatSyncWorker that runs daily at 2 AM, processes all LDAP users in batches, and enqueues individual sync jobs.

How to set up and validate locally

LDAP setup in GDK: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/main/doc/howto/ldap.md

1. Configure LDAP with duo_add_on_groups setting
2. Run: GitlabSubscriptions::AddOnPurchases::LdapAllAddOnSeatSyncWorker.new.perform
3. Verify cron job: Settings.cron_jobs['ldap_add_on_seat_sync_worker']

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.