This is part of https://gitlab.com/gitlab-org/gitlab/-/issues/555382. ## Scope Implement new `ApplicationSetting` that disables/enables the existing cleanup workers. When enabled (if `archive_revoked_access_grants` FF in enabled too) the `Authn::DataRetention::*Worker` workers will take care of enforcing the retention period by removing outdated records. Retention policies: * All authentication events older than 1 year (created_at based) - handled by `Authn::DataRetention::AuthenticationEventArchiveWorker` * All OAuth access tokens revoked over 1 month ago - handled by `Authn::DataRetention::OauthAccessTokenArchiveWorker` * All OAuth access grants revoked over 1 month ago - handled by `Authn::DataRetention::OauthAccessGrantArchiveWorker` ## Steps - [x] Add new `ApplicationSetting` to toggle cleanup workers execution - defaults `false` (SM and other environments must enable it only when needed) - No UI for the setting - [x] Update the logic in `Authn::DataRetention::*Worker` - [x] Keep the existing `archive_revoked_access_grants` Feature Flag too - [x] Once deployed in production, make sure the new ApplicationSetting is enabled for `com` (or should it be hardcoded?)