Admin mode in sidekiq jobs

What does this MR do?

Add two new middlewares to Sidekiq client & server to support the admin-mode feature and extend CurrentUserMode with class methods that use the SafeRequestStore to:

  • support bypassing the session in nested Sidekiq jobs, if the original job had admin mode enabled
  • make the current_user of a request available as a class method to avoid querying the DB in the Sidekiq client middleware

The client middleware injects a new Sidekiq job field admin_mode_user_id on any job created by an admin in one of two cases:

  1. If the admin user has enabled admin mode in one of their active sessions
  2. Or if the job is triggered by another parent job (nested job), by using a RequestStore flag with class method CurrentUserMode.bypass_session!(user_id)

The server middleware uses the job admin_mode_user_id field set previously:

  • If the field is found it will use the class method CurrentUserMode.bypass_session!(user_id) to bypass the session to set admin mode for this user, by setting the admin user id in the request thread
  • While the job is executed, the policies that invoke CurrentUserMode will only have to check User#admin? to determine if admin mode is enabled, effectively ignoring the user sessions

Considerations

There are two main reasons for introducing the user in the request store and the bypass session method:

  1. Avoid the need to unconditionally query the database on each Sidekiq client middleware to determine if the user is an admin. This is delegated to the policies, only called when actually needed.
  2. Determine which admin user actually triggered the job that (potentially) requires admin mode, and be able to prevent jobs from succeeding if the user lost admin rights in the period between when the job is scheduled and it is executed.

Closes #35717 (closed)

🛠 with at Siemens (/cc @bufferoverflow)

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Bob Van Landuyt
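
The flow this description lays out, as an added example that is not part of the MR or of GitLab's code: the client side stamps admin_mode_user_id on the job, the server side calls CurrentUserMode.bypass_session!(user_id), and the policy check re-evaluates User#admin? at execution time. Store, User, USERS, the middleware class names, reset!, the admin_mode_user_id reader and the :session_admin_id key are hypothetical stand-ins; only the Sidekiq middleware call shapes are real.

```ruby
# Added illustration, not GitLab's code; every name below except the call shapes is hypothetical.
User = Struct.new(:id, :admin) { def admin?; admin; end }
USERS = { 1 => User.new(1, true) } # constructed sample data

module Store # stand-in for SafeRequestStore: per-thread request state
  def self.data; Thread.current[:demo_store] ||= {}; end
end

module CurrentUserMode
  # Mark this thread as acting for the given admin, ignoring their sessions.
  def self.bypass_session!(user_id)
    Store.data[:bypass_admin_id] = user_id
  end
  def self.reset!; Store.data.clear; end
  # Id to propagate: an enclosing job's bypass, else a session with admin mode on.
  def self.admin_mode_user_id
    Store.data[:bypass_admin_id] || Store.data[:session_admin_id]
  end
  # Policy-side check: User#admin? is re-evaluated when the job actually runs.
  def self.admin_mode?(user)
    user.admin? && admin_mode_user_id == user.id
  end
end

class AdminModeClient # same call shape as a Sidekiq client middleware
  def call(_worker_class, job, _queue, _redis_pool = nil)
    id = CurrentUserMode.admin_mode_user_id
    job['admin_mode_user_id'] ||= id if id
    yield
  end
end

class AdminModeServer # same call shape as a Sidekiq server middleware
  def call(_worker, job, _queue)
    CurrentUserMode.reset! # never inherit state left by a previous job on this thread
    id = job['admin_mode_user_id']
    CurrentUserMode.bypass_session!(id) if id
    yield
  ensure
    CurrentUserMode.reset!
  end
end

def enqueue(job = {})
  AdminModeClient.new.call('DemoWorker', job, 'default') { job }
end
def perform(job, user)
  AdminModeServer.new.call(nil, job, 'default') { CurrentUserMode.admin_mode?(user) }
end
```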
