Resolve "User cannot sign out of GitLab once admin resets their password."

What does this MR do?

For #243444 (closed)

Problem

  1. Imagine a user having a currently active session on GitLab.
  2. Admin resets the password of this user via the admin/users UI or via the PUT /users/:id API.
  3. Internally this sets the user's password_expires_at value to Time.current.
  4. At this point, the user does not know their current account password.
  5. If this user tries to access any GitLab page, they will be logged out, since the password reset performed by the admin would have caused the user's session to be invalidated.
  6. Now, if the admin shares the changed password with the user (this is probable in the case of self-managed instances), this user can log in again.
  7. When they log in with this new password, they are always redirected to the profile/password/new page due to this before_action, which checks whether the password has expired. This check returns true because of the reason mentioned in step (3).
  8. This is by design, as no matter which page the user tries to access, they are prevented access and redirected to resetting their password via the profile/password/new page.
  9. However, currently if the user tries to "Sign Out" from this page for whatever reason, it is not possible to do so. (This is a very rare scenario though, as most users would just update the password from this page and most probably would not click Sign Out. However this could still be considered a bug as "Sign Out" is an action that should always be allowed.)

This becomes a user-experience problem, as the user is always stuck on the profile/password/new page, without the ability to log out.


Fix

The user should be allowed to sign out of GitLab even if their password has expired. The before_action is now skipped for the sign-out action.
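To make the behaviour concrete, here is a constructed plain-Ruby stand-in for the password-expiry before_action described above (added here; it is not GitLab's code). It assumes a User with a password_expires_at timestamp, an admin reset that sets it to the current time, and a filter that redirects expired users to profile/password/new unless the action is in its skip list (the equivalent of skip_before_action for the sign-out action); the action name :sign_out is an assumption.

```ruby
require 'time'

# Constructed stand-in for the User model (not GitLab's code).
User = Struct.new(:username, :password_expires_at) do
  # An expiry timestamp at or before "now" means the password has expired.
  # Plain Ruby's Time.now plays the role of Rails' Time.current here.
  def password_expired?
    !password_expires_at.nil? && password_expires_at <= Time.now
  end
end

# Admin-initiated reset: the expiry is set to the current time, so the user
# is treated as having an expired password on their very next request.
def admin_reset_password!(user)
  user.password_expires_at = Time.now
  user
end

# Minimal model of a before_action that can be skipped for chosen actions.
class PasswordExpiryFilter
  NEW_PASSWORD_PATH = '/profile/password/new'.freeze

  # skipped: action names the filter does not run for (skip_before_action).
  def initialize(skipped: [])
    @skipped = skipped
  end

  # Returns [:redirect, path] when the filter halts the request,
  # otherwise [:allow, nil], mirroring a redirecting Rails before_action.
  def call(user, action)
    return [:allow, nil] if @skipped.include?(action)
    return [:redirect, NEW_PASSWORD_PATH] if user.password_expired?

    [:allow, nil]
  end
end

# Before the fix: every action, including signing out, runs the filter,
# so an expired user can never reach sign-out.
BROKEN_FILTER = PasswordExpiryFilter.new
# After the fix: the filter is skipped for the sign-out action only;
# every other page still forces the password change.
FIXED_FILTER = PasswordExpiryFilter.new(skipped: [:sign_out])
```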

Does this MR meet the acceptance criteria?

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team