
Adds a Cleanup class for unused still-active Personal Access Tokens

Nick Malcolm requested to merge 369000-revoke-unused-pats into master

What does this MR do and why?

Resolves "Create a Class that can identify and revoke inactive Personal Access Tokens", which is the first Work Item of "Add a rake task to revoke all access tokens tha..." (#369000). Subsequent work items will be done in subsequent MRs - small merges get merged faster! :)

Unused active Personal Access Tokens pose a risk to organizations in that they may have been, or may be, leaked to unauthorized individuals. They are likely providing little / no current value because they are not actively being used, and should therefore be proactively revoked.

This MR introduces a scope for identifying unused Personal Access Tokens. It also adds a class which, like other Cleanup classes, can be used in a "dry run" (default) or active mode. It provides logging and safe defaults.

Ideally, tokens are created with a short expiry time. For everything else, there's Gitlab::Cleanup::UnusedPersonalAccessTokens.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #369000
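The dry-run-by-default cleanup pattern this MR describes, as an added Ruby illustration written for this page (it is not GitLab's Gitlab::Cleanup::UnusedPersonalAccessTokens code; the Token struct, the one-year cut-off and the sample tokens are assumptions):

```ruby
require 'logger'
require 'time'

# Constructed stand-in for a token record; not GitLab's PersonalAccessToken model.
Token = Struct.new(:id, :name, :last_used_at, :created_at, :revoked, keyword_init: true)

# Finds still-active tokens not used within the cut-off window and revokes them.
# Dry run is the default: nothing is modified, only logged.
class UnusedTokenCleanup
  DEFAULT_CUTOFF_DAYS = 365 # assumed default of one year

  def initialize(tokens, dry_run: true, cutoff_days: DEFAULT_CUTOFF_DAYS,
                 logger: Logger.new($stdout), now: Time.now)
    @tokens = tokens
    @dry_run = dry_run
    @cutoff = now - cutoff_days * 24 * 60 * 60
    @logger = logger
  end

  # Unused: not revoked, and last use (or creation, if never used) predates the cut-off.
  def unused
    @tokens.reject(&:revoked).select { |t| (t.last_used_at || t.created_at) < @cutoff }
  end

  # Returns ids of tokens revoked (or, in dry-run mode, that would have been).
  def run!
    @logger.info("#{@dry_run ? 'DRY RUN' : 'ACTIVE'}: tokens unused since #{@cutoff.utc.iso8601}")
    unused.map do |t|
      if @dry_run
        @logger.info("would revoke token #{t.id} (#{t.name})")
      else
        t.revoked = true
        @logger.info("revoked token #{t.id} (#{t.name})")
      end
      t.id
    end
  end
end

# Constructed sample data.
NOW = Time.utc(2022, 8, 1)
DAY = 24 * 60 * 60
SAMPLE_TOKENS = [
  Token.new(id: 1, name: 'ci-bot', last_used_at: NOW - 2 * DAY, created_at: NOW - 700 * DAY, revoked: false),
  Token.new(id: 2, name: 'old-script', last_used_at: NOW - 400 * DAY, created_at: NOW - 800 * DAY, revoked: false),
  Token.new(id: 3, name: 'never-used', last_used_at: nil, created_at: NOW - 400 * DAY, revoked: false),
  Token.new(id: 4, name: 'already-gone', last_used_at: NOW - 500 * DAY, created_at: NOW - 800 * DAY, revoked: true)
]
```

Running `UnusedTokenCleanup.new(SAMPLE_TOKENS, now: NOW).run!` only logs; passing `dry_run: false` is what actually flips the tokens to revoked.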
