Add expiration_policy_started_at support in container repositories

🤔 What does this MR do?

Follow up of !36319 (merged). In that MR, the execution time of container repository tags can be limited in time. As a consequence of this, when a expiration policy is executed on a container repository, part of the tags meant to be deleted can still be present if the corresponding service times out.

We need a way to mark container repositories that a cleanup policy has started but didn't complete. This "mark" will be used by the UI to display a warning/message to the users so that they know that the cleanup policy has been executed on this container repository but due to time constraints, it didn't complete successfully. The frontend effort for this UI change is tracked in #243750 (closed).

To mark a container repository, we will simply add a new column expiration_policy_started_at. The corresponding worker will set and reset this column accordingly. Note that this column is merely updated and read on a single container repository basis. In particular, we don't need any database query that select rows based on the values of this column. In other words, we don't use this new column for filtering.

This new column is also exposed in the corresponding rest APIs.

This MR is part of the throttling effort described in #208193 (comment 362910703)

Other considerations

In a future we might have an activity feed for container repositories based on #246619 (closed) but this is a more involved effort. In order to quickly unblock work for #243750 (closed), a new database column will do.

Screenshots

n/a

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers
• Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team

Database

Up migration output

$ rails db:migrate
== 20200914070140 AddExpirationPolicyStartedAtToContainerRepositories: migrating 
-- add_column(:container_repositories, :expiration_policy_started_at, :datetime_with_timezone)
   -> 0.0019s
== 20200914070140 AddExpirationPolicyStartedAtToContainerRepositories: migrated (0.0019s)

Down migration output

$ rails db:rollback
== 20200914070140 AddExpirationPolicyStartedAtToContainerRepositories: reverting 
-- remove_column(:container_repositories, :expiration_policy_started_at)
   -> 0.0014s
== 20200914070140 AddExpirationPolicyStartedAtToContainerRepositories: reverted (0.0015s)