Block git over http when email OTP FF enabled

What does this MR do and why?

This MR takes the great work @nmalcolm started and pulls out just the logic that blocks git over HTTP when the :email_based_mfa feature flag is set.

References

How to set up and validate locally

Common steps

  1. Ensure you have a 'test' user in your GDK setup without any 2FA enabled. We'll be using testuser as our example.
  2. Create a new blank project as testuser, selecting Initialize repository with a README. We'll be using email-otp-hardening/test as our example.

Test baseline functionality

  1. Follow Common Steps above.
  2. Ensure the email_based_mfa feature flag is disabled for the user - Feature.disable(:email_based_mfa, User.find_by_username('testuser')).
  3. Clone the email-otp-hardening/test project using git and http, e.g. cd /tmp ; git -c credential.helper="" clone http://gdk.test:3000/email-otp-hardening/test.git.
  4. Validate you were able to clone successfully.

Test new functionality from this MR

  1. Follow Common Steps above.
  2. Ensure the email_based_mfa feature flag is enabled for the user - Feature.enable(:email_based_mfa, User.find_by_username('testuser')).
  3. Clone the email-otp-hardening/test project using git and http, e.g. cd /tmp ; git -c credential.helper="" clone http://gdk.test:3000/email-otp-hardening/test.git.
  4. Validate you were not able to clone the project and that you receive the following error message: "remote: HTTP Basic: Access denied. If a password was provided for Git authentication, the password was incorrect or you're required to use a token instead of a password. If a token was provided, it was either incorrect, expired, or improperly scoped".

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ash McKenzie