Add confidential attribute for notes creation

What does this MR do?

It adds confidential attribute to the public API for notes creation.

Note update and graphQL changes will be submitted as separate MRs.

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• [-] Merge request performance guidelines
• Style guides
• [-] Database guides
• [-] Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.

Related to #207472 (closed)