Delay own user record deletion by 7 days
What does this MR do?
This MR implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/346.
It adds a 7-day delay between a user deleting their own account and the execution of the background job that does the actual deletion. It also updates the job that deletes user records to abort when the user to delete has been banned.
Why?
Please see https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/346 to know why this is needed and the discussion around legal concerns.
How to set up and validate locally
Set up
- For easier testing, update app/models/user.rb to set the delay to 5 minutes:

```ruby
def delete_async(deleted_by:, params: {})
  block if params[:hard_delete]

  if deleted_by.id == id && ::Feature.enabled?(:delay_delete_own_user)
    block
    # DeleteUserWorker.perform_at(7.days.from_now, deleted_by.id, id, params.to_h)
    DeleteUserWorker.perform_at(5.minutes.from_now, deleted_by.id, id, params.to_h) # <<<=== This line
  else
    DeleteUserWorker.perform_async(deleted_by.id, id, params.to_h)
  end
end
```
- Enable the feature flag
```
$ rails console
> Feature.enable(:delay_delete_own_user)
```
Validate deletion delay
- Log in with a user you want to delete
- Go to http://localhost:3000/-/profile/account and delete the user account
- Validate that the user is deleted after at least a 5 minute delay
Validate banned users are not deleted
- Log in with a user you want to delete
- Go to http://localhost:3000/-/profile/account and delete the user account
- Ban the user
```
$ rails console
> user = User.find(<you_deleted_user_s_id>)
> user.ban
```
- Validate that the user is NOT deleted even after the 5 minute delay
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Eugie Limpin
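The behaviour described in this MR (a 7-day delay for self-deletion, and a deletion job that aborts for banned users) can be modelled in memory as follows. This is an added sketch, not code from the MR or from GitLab: `SketchUser`, `SketchQueue` and `SketchDeleteWorker` are hypothetical names, time is a plain integer of seconds, and the feature flag is assumed to be enabled.

```ruby
# Added sketch, not GitLab code: in-memory model of delayed self-deletion.
# SketchUser, SketchQueue and SketchDeleteWorker are hypothetical names.
DELAY = 7 * 24 * 60 * 60 # seven days, in seconds

SketchUser = Struct.new(:id, :state) # state: :active, :blocked or :banned

class SketchQueue
  attr_reader :jobs

  def initialize
    @jobs = []
  end

  def push(run_at, deleted_by_id, user_id)
    @jobs << { run_at: run_at, deleted_by_id: deleted_by_id, user_id: user_id }
  end

  # Run every job that is due at `now` and return each job's result.
  def run_due(now, users)
    due, @jobs = @jobs.partition { |job| job[:run_at] <= now }
    due.map { |job| SketchDeleteWorker.perform(users, job[:user_id]) }
  end
end

module SketchDeleteWorker
  # The ban check runs when the job executes, not when it was enqueued,
  # so a ban applied during the delay window still preserves the record.
  def self.perform(users, user_id)
    user = users[user_id]
    return :already_gone if user.nil?
    return :aborted_banned if user.state == :banned

    users.delete(user_id)
    :deleted
  end
end

# Self-deletion blocks the account and schedules the job 7 days out;
# deletion requested by another user is queued to run immediately.
def delete_async(queue, user, deleted_by_id, now)
  if deleted_by_id == user.id
    user.state = :blocked
    queue.push(now + DELAY, deleted_by_id, user.id)
  else
    queue.push(now, deleted_by_id, user.id)
  end
end
```

Because the worker reads the user's state at execution time, the outcome depends on what happened during the delay window rather than on the state at the moment the user clicked delete.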