Resolve "[Backend] Set instance-level external audit event destination"

What does this MR do and why?

What?

This MR does the following:

  1. Adds the following columns to the application_settings table:
    1. audit_events_external_destination, a text field with a character limit of 255 that holds the URL for instance-level external audit events.
    2. enable_external_audit_events, a boolean field that determines whether instance-level audit events are sent to the external destination.
  2. Changes the EE application settings API to update and fetch the values of these attributes.
  3. Puts this feature behind a new feature flag, ff_external_audit_events.
  4. Adds documentation for the API change.

Why?

  1. We want to send instance-level audit events to an external destination, so we first need to configure the instance with the URL of the remote destination.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. After checking out the branch, run bin/rails db:migrate RAILS_ENV=development to run the migration added in this MR.
  2. Because this MR changes the application settings API, which only an instance admin can access, use the private token of an instance admin in the APIs below.
  3. The curl command for fetching the application settings is: curl --location 'http://gitlab.localdev:3000/api/v4/application/settings' --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' --header 'Content-Type: application/json'
  4. The curl command for updating the application settings is: curl --location --request PUT 'http://gitlab.localdev:3000/api/v4/application/settings?audit_events_external_destination=https%3A%2F%2Fwww.example1.com&enable_external_audit_events=true' --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' --header 'Content-Type: application/json'
  5. Only when the feature flag ff_external_audit_events is enabled and the instance has the ULTIMATE license can the admin fetch and update the parameters audit_events_external_destination and enable_external_audit_events. Otherwise, these parameters are not returned in the GET call, and updating them returns a response with error code 400.
  6. The feature flag can be enabled and disabled by running Feature.enable(:ff_external_audit_events) and Feature.disable(:ff_external_audit_events) respectively in the Rails console.

Migration output

Up

RAILS_ENV=development bin/rails db:migrate:up:main VERSION=20230302180816

main: == 20230302180816 AddAuditExternalDestinationToApplicationSettings: migrating =
main: -- add_column(:application_settings, :audit_events_external_destination, :text, {:if_not_exists=>true})
main:    -> 0.1738s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_04131de188\nCHECK ( char_length(audit_events_external_destination) <= 255 )\nNOT VALID;\n")
main:    -> 0.0012s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_04131de188;")
main:    -> 0.0006s
main: -- execute("RESET statement_timeout")
main:    -> 0.0002s
main: -- add_column(:application_settings, :enable_external_audit_events, :boolean, {:default=>false, :null=>false})
main:    -> 0.0016s
main: == 20230302180816 AddAuditExternalDestinationToApplicationSettings: migrated (0.1955s)

Down

RAILS_ENV=development bin/rails db:migrate:down:main VERSION=20230302180816

main: == 20230302180816 AddAuditExternalDestinationToApplicationSettings: reverting =
main: -- remove_column(:application_settings, :audit_events_external_destination)
main:    -> 0.0050s
main: -- remove_column(:application_settings, :enable_external_audit_events)
main:    -> 0.0032s
main: == 20230302180816 AddAuditExternalDestinationToApplicationSettings: reverted (0.0329s)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #335175 (closed)

Edited by Hitesh Raghuvanshi
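
As an added example (not code from this MR or from GitLab), the Ruby sketch below builds the PUT request from step 4 and rejects a destination before it is sent. The helper names, the GITLAB_ADMIN_TOKEN variable, and the HTTPS-only and no-embedded-credentials rules are assumptions of this example; only the 255-character limit, the parameter names and the endpoint come from the description above.

```ruby
require 'uri'

# Mirrors check constraint check_04131de188 from the migration output.
MAX_DESTINATION_LENGTH = 255
SETTINGS_PATH = '/api/v4/application/settings'

class InvalidDestination < StandardError; end

# Hypothetical client-side check, run before the value reaches the API.
def validate_destination!(url)
  raise InvalidDestination, 'destination is empty' if url.nil? || url.strip.empty?
  # char_length counts characters, so compare String#length, not bytesize.
  if url.length > MAX_DESTINATION_LENGTH
    raise InvalidDestination, "longer than #{MAX_DESTINATION_LENGTH} characters"
  end

  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    raise InvalidDestination, 'not a parseable URL'
  end
  # Assumption of this example: audit events only leave the instance over HTTPS.
  raise InvalidDestination, 'scheme must be https' unless uri.is_a?(URI::HTTPS)
  raise InvalidDestination, 'missing host' if uri.host.nil? || uri.host.empty?
  # Assumption: credentials in the URL would sit in the text column and be
  # returned by the settings GET, so refuse them here.
  raise InvalidDestination, 'URL must not embed credentials' if uri.userinfo

  url
end

# Builds the URI for the PUT in step 4, with both parameters form-encoded.
def settings_update_uri(base_url, destination, enabled: true)
  query = URI.encode_www_form(
    audit_events_external_destination: validate_destination!(destination),
    enable_external_audit_events: enabled
  )
  URI.join(base_url, SETTINGS_PATH).tap { |u| u.query = query }
end

# Reads the admin token from the environment instead of hard-coding it.
def settings_headers(env = ENV)
  { 'PRIVATE-TOKEN' => env.fetch('GITLAB_ADMIN_TOKEN'),
    'Content-Type' => 'application/json' }
end
```
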
