`bundle install` should use `deployment`, or `frozen` option

This is a corrective action for sirt-2266.

Per https://gitlab.com/gitlab-com/gl-security/security-operations/sirt/operations/-/issues/2266 and https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79, Omnibus should pass --deployment or --frozen when running bundle install, so that the build fails if the Gemfile no longer matches the committed Gemfile.lock instead of silently re-resolving gems.

We currently use neither: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/config/software/gitlab-rails.rb#L101-106

@balasankarc raised a good point that --deployment installs gems to vendor, which we don't want. We should still consider --frozen, which only enforces the lockfile without changing the install path.

Note that:

[DEPRECATED] The --frozen flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use bundle config set --local frozen 'true', and stop using this flag
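The deprecation notice means the setting should be persisted through bundle config rather than passed as a flag. The helpers below are an added example (not Omnibus or Bundler code) showing that pattern: write the local setting, verify it is in effect, and only then run bundle install. They assume the build runs from the directory holding the Gemfile and Gemfile.lock; the .bundle/config contents mirror what `bundle config set --local frozen 'true'` writes.

```shell
# Write the same local setting that `bundle config set --local frozen 'true'`
# produces, so frozen mode no longer depends on a flag being remembered.
configure_frozen_bundle() {
  dir="${1:-.}"
  mkdir -p "$dir/.bundle"
  printf '%s\n' '---' 'BUNDLE_FROZEN: "true"' > "$dir/.bundle/config"
}

# Return 0 if frozen mode is active for $dir, either via the environment
# (BUNDLE_FROZEN=true) or via the local .bundle/config written above.
bundle_frozen_enabled() {
  dir="${1:-.}"
  case "${BUNDLE_FROZEN:-}" in
    true|1) return 0 ;;
  esac
  [ -f "$dir/.bundle/config" ] &&
    grep -Eq '^BUNDLE_FROZEN:[[:space:]]*"?true"?[[:space:]]*$' "$dir/.bundle/config"
}

# Refuse to run bundle install unless frozen mode is on, so a Gemfile that
# drifted from Gemfile.lock fails the build instead of the lockfile being
# rewritten from a fresh resolution against the registry.
frozen_bundle_install() {
  dir="${1:-.}"
  if ! bundle_frozen_enabled "$dir"; then
    echo "refusing to run bundle install: frozen mode is not enabled in $dir" >&2
    return 1
  fi
  (cd "$dir" && bundle install --jobs "${BUNDLE_JOBS:-4}")
}
```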

Edited May 12, 2022 by Chun Du