
Unify Personal Access Token expiration behavior

Drew Blessing requested to merge dblessing_fix_pat_expiration into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Fixes https://gitlab.com/gitlab-org/gitlab/-/issues/364526

Previously, some portions of GitLab used Expirable concern scopes to determine whether a token was valid and other areas used the PAT model active scope. One scope treated tokens as expired at midnight on expiration day while the other used end of day. This change unifies the behavior to beginning of day.

Both the container registry and dependency proxy authentication use the JwtController to call Gitlab::Auth.find_for_git_client. This method cascades through potential authentication methods including personal access tokens using the PersonalAccessTokenFinder. The finder_options passed in include state active, which will use the modified active scope defined in this MR.

As a result, personal access tokens expire at the beginning of the day (server time) vs. end of day.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Drew Blessing
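The inconsistency the description above fixes can be seen on the expiration day itself. The following is an added illustration, not GitLab's own scopes or model code: a minimal token record with an expires_at date, the two legacy rules (expired from the start of the expiration day vs. honoured through the end of it), and a unified beginning-of-day check that reads the date from the server clock. The Token struct, the rule functions and the sample dates are all constructed for this example.

```ruby
require 'date'
require 'time'

# Constructed example (not GitLab's own code): a minimal token record with an
# expires_at Date, the two expiration rules the MR describes as previously
# coexisting, and the unified beginning-of-day rule.
Token = Struct.new(:name, :expires_at)

# Rule used by one code path: the token is expired from midnight at the start
# of its expiration day, so it is active only while today < expires_at.
def active_beginning_of_day?(token, today)
  token.expires_at.nil? || today < token.expires_at
end

# Rule used by the other code path: the token is honoured through the end of
# its expiration day, so it is active while today <= expires_at.
def active_end_of_day?(token, today)
  token.expires_at.nil? || today <= token.expires_at
end

# Unified rule after the change. The date is derived from the server clock
# (`now` is a Time), mirroring the MR's note that expiry is server time.
def active?(token, now = Time.now)
  active_beginning_of_day?(token, now.to_date)
end

# Evaluates all three rules at one instant so the divergence is visible:
# on the expiration day the two legacy rules disagree; the unified rule
# sides with the stricter beginning-of-day semantics.
def compare_rules(token, now)
  today = now.to_date
  {
    beginning_of_day: active_beginning_of_day?(token, today),
    end_of_day: active_end_of_day?(token, today),
    unified: active?(token, now)
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample token expiring on 2022-07-01 (server local time).
  token = Token.new('registry-token', Date.new(2022, 7, 1))
  ['2022-06-30 23:59:59', '2022-07-01 00:00:00',
   '2022-07-01 15:00:00', '2022-07-02 00:00:00'].each do |ts|
    puts "#{ts} -> #{compare_rules(token, Time.parse(ts))}"
  end
end
```

Before the change, a request authenticated through the end-of-day path would succeed on the expiration day while the same token was already rejected elsewhere; after the change every path rejects it from 00:00 server time.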
