
Investigate and configure bundle on CI to disallow any changes to Gemfile.lock

This is a corrective action for sirt-2266.

Determine whether this project (https://gitlab.com/gitlab-org/project-templates/rails) runs bundle or bundle install in CI. Per the Rubygems.org advisory, we should use either the frozen or deployment option as defense in depth against supply chain attacks. If this project does not yet use one of them, it needs to.

More background

See https://github.com/rubygems/rubygems.org/security/advisories/GHSA-hccv-rwq6-vh79:

Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit.

Note that the deployment option also installs gems under vendor, which we may not want, so frozen will usually be the smaller change.

Note that:

[DEPRECATED] The --frozen flag is deprecated because it relies on being remembered across bundler invocations, which bundler will no longer do in future versions. Instead please use bundle config set --local frozen 'true', and stop using this flag
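As an added example (not part of this issue or of the rails template project), the following POSIX shell script shows a weak CI job that runs a plain bundle install next to two hardened variants (the bundle config set --local frozen true form recommended by the deprecation message above, and the equivalent BUNDLE_FROZEN variable), plus a heuristic check that flags a .gitlab-ci.yml whose bundle install is not run in frozen or deployment mode. The job definitions are constructed samples, and the check greps the whole file rather than analysing each job separately.

```shell
#!/bin/sh
# Constructed sample: a CI job that runs a plain `bundle install`. Bundler
# will happily rewrite Gemfile.lock here, so a drifted lock or a swapped gem
# version is accepted without failing the pipeline.
WEAK_CI='test:
  image: ruby:3.2
  script:
    - bundle install
    - bundle exec rspec
'

# Hardened variant 1: frozen mode via the config setting that replaces the
# deprecated --frozen flag. Any Gemfile/Gemfile.lock mismatch fails the job.
HARDENED_CI='test:
  image: ruby:3.2
  script:
    - bundle config set --local frozen true
    - bundle install
    - bundle exec rspec
'

# Hardened variant 2: the same setting supplied as Bundler's BUNDLE_FROZEN
# environment variable, which is convenient as a pipeline-wide default.
VARS_CI='variables:
  BUNDLE_FROZEN: "true"
test:
  image: ruby:3.2
  script:
    - bundle install
    - bundle exec rspec
'

# Lines that install gems: a bare `- bundle`, `- bundle install`, or any
# `bundle install ...` with extra arguments.
INSTALL_PATTERN='^[[:space:]]*-[[:space:]]*bundle([[:space:]]+install)?[[:space:]]*$|bundle install'
# Accepted ways of enabling frozen or deployment mode.
FROZEN_PATTERN="bundle config set (--local |--global )?frozen ['\"]?true|BUNDLE_FROZEN:[[:space:]]*['\"]?true|bundle install.*--(frozen|deployment)"

# ci_bundle_is_frozen CONFIG_TEXT
# Exit 0 when the config has no bundle install step, or when it has one and
# also enables frozen/deployment mode; exit 1 when installs are unprotected.
ci_bundle_is_frozen() {
  cfg="$1"
  printf '%s\n' "$cfg" | grep -Eq "$INSTALL_PATTERN" || return 0
  printf '%s\n' "$cfg" | grep -Eq "$FROZEN_PATTERN"
}

for name in WEAK_CI HARDENED_CI VARS_CI; do
  eval "cfg=\$$name"
  if ci_bundle_is_frozen "$cfg"; then echo "$name: frozen mode enforced"
  else echo "$name: bundle install is NOT frozen"; fi
done
```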

Edited by Chun Du