Fix hidden error when state value is not allowed

1. Allow to define allowed values for single-query and multi-query attributes.
2. Restrict the allowed values for the 'state' attribute. Without this check, the API error response (e.g. { "error" => "state does not have a correct value" } would be used as the resource attributes and a random exception would be thrown later on because the resource doesn't have the expected attributes (e.g. project_id).

I stumbled upon this bug in gitlab-org/quality/triage-ops!663 (closed).