
Add setting for duplicate generic packages

Steve Abrams requested to merge 293755-generic-dupe-settings into master

🔬 : What does this MR do?

Users can upload files to the package registry using the generic package API.

This MR adds two namespace-level settings that allow users to control whether or not the registry should accept or reject duplicate package uploads (the same file being uploaded to the same package, meaning a package with the same name and version).

The settings are:

  • generic_duplicates_allowed - true means we allow duplicates, false means we reject duplicates
  • generic_duplicate_exception_regex - When generic_duplicates_allowed is set to false, packages with names that match this regex will allow duplicates.

These settings match the same settings added previously for Maven packages.

This MR does not update the frontend to add these settings to the UI, so I have not updated the Generic package documentation here.

🐘 Database

Migrations up:

== 20210429192653 AddGenericPackageDuplicateSettingsToNamespacePackageSettings: migrating
-- add_column(:namespace_package_settings, :generic_duplicates_allowed, :boolean, {:null=>false, :default=>true})
   -> 0.0075s
-- add_column(:namespace_package_settings, :generic_duplicate_exception_regex, :text, {:null=>false, :default=>""})
   -> 0.0022s
== 20210429192653 AddGenericPackageDuplicateSettingsToNamespacePackageSettings: migrated (0.0100s)

== 20210429193106 AddTextLimitToNamespacePackageSettingsGenericDuplicateExceptionRegex: migrating
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0010s
-- execute("ALTER TABLE namespace_package_settings\nADD CONSTRAINT check_31340211b1\nCHECK ( char_length(generic_duplicate_exception_regex) <= 255 )\nNOT VALID;\n")
   -> 0.0035s
-- current_schema()
   -> 0.0006s
-- execute("SET statement_timeout TO 0")
   -> 0.0012s
-- execute("ALTER TABLE namespace_package_settings VALIDATE CONSTRAINT check_31340211b1;")
   -> 0.0040s
-- execute("RESET ALL")
   -> 0.0015s
== 20210429193106 AddTextLimitToNamespacePackageSettingsGenericDuplicateExceptionRegex: migrated (0.0348s)

Migrations down:

== 20210429193106 AddTextLimitToNamespacePackageSettingsGenericDuplicateExceptionRegex: reverting
-- execute("ALTER TABLE namespace_package_settings\nDROP CONSTRAINT IF EXISTS check_b8eedf314d\n")
   -> 0.0015s
== 20210429193106 AddTextLimitToNamespacePackageSettingsGenericDuplicateExceptionRegex: reverted (0.0098s)

== 20210429192653 AddGenericPackageDuplicateSettingsToNamespacePackageSettings: reverting
-- remove_column(:namespace_package_settings, :generic_duplicate_exception_regex, :text, {:null=>false, :default=>""})
   -> 0.0039s
-- remove_column(:namespace_package_settings, :generic_duplicates_allowed, :boolean, {:null=>false, :default=>true})
   -> 0.0011s
== 20210429192653 AddGenericPackageDuplicateSettingsToNamespacePackageSettings: reverted (0.0088s)

📸 Screenshots (strongly suggested)

[GraphQL screenshots: Screen_Shot_2021-04-29_at_4.29.39_PM, Screen_Shot_2021-04-29_at_4.30.14_PM]

The following requests were made in order, changing the settings before each set of requests as noted in the summary descriptions:

Uploads with generic_duplicates_allowed: true
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/foo.png"
{"message":"201 Created"}
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/foo.png"
{"message":"201 Created"}
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/bar.png"
{"message":"201 Created"}

Uploads with generic_duplicates_allowed: false and generic_duplicate_exception_regex: ""
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/foo.png"
{"message":"400 Bad request - Duplicate package is not allowed"}
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/baz.png"
{"message":"201 Created"}
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/your_package/0.0.1/foo.png"
{"message":"201 Created"}

Uploads with generic_duplicates_allowed: false and generic_duplicate_exception_regex: "my_.*"
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/foo.png"
{"message":"201 Created"}
$ curl --header "PRIVATE-TOKEN: $TOKEN" --upload-file /Users/steveabrams/workspace/foo.png "http://gdk.test:3001/api/v4/projects/82/packages/generic/my_package/0.0.1/bar.png"
{"message":"400 Bad request - Duplicate package is not allowed"}

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #293755 (closed)

Edited by Steve Abrams
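
The decision the two settings describe, as an added Ruby example that is not code from this MR or from GitLab: an upload is a duplicate when the same file name already exists under the same package name and version, and a duplicate is accepted only if duplicates are allowed or the package name matches the exception regex. The class and method names are hypothetical, and two behaviours are assumptions rather than something the MR states: the regex must match the whole package name, and an empty, over-long or invalid regex grants no exception.

```ruby
require 'set'

# Hypothetical model of the two namespace-level settings (not GitLab's code).
class GenericDuplicatePolicy
  MAX_REGEX_LENGTH = 255 # same limit as the char_length check constraint

  def initialize
    @seen = Set.new # [package name, version, file name] already stored
    configure(duplicates_allowed: true, exception_regex: '')
  end

  # Change the settings while keeping the stored files, as in the curl session.
  def configure(duplicates_allowed:, exception_regex:)
    @duplicates_allowed = duplicates_allowed
    @exception = compile(exception_regex)
    self
  end

  # Returns :created or :rejected for one upload.
  def upload(name, version, file_name)
    key = [name, version, file_name]
    return :rejected if @seen.include?(key) && !duplicate_permitted?(name)

    @seen << key
    :created
  end

  private

  def duplicate_permitted?(name)
    @duplicates_allowed || (!@exception.nil? && @exception.match?(name))
  end

  # Assumption: anchor with \A and \z so that "my_" cannot exempt "my_package".
  # Unusable patterns return nil, so the policy fails closed.
  def compile(source)
    return nil if source.empty? || source.length > MAX_REGEX_LENGTH

    Regexp.new("\\A(?:#{source})\\z")
  rescue RegexpError
    nil
  end
end
```

With duplicates rejected, a published file under a given name and version cannot be silently replaced, which is the property consumers pinning a version rely on; the exception regex should therefore be kept as narrow as possible.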
