Create IdentityVerification::UserRiskProfile class

What does this MR do and why?

In preparation for implementing https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/384?work_item_iid=487 task of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/384+, this MR extracts methods related to a user's risk profile from IdentityVerifiable to IdentityVerification::UserRiskProfile. IdentityVerifiable then delegates calls to these methods to an instance of IdentityVerification::UserRiskProfile.

This refactor centralizes all risk-related methods to their own module and abstracts away the underlying implementation of how a user's risk is determined/overridden (e.g. Arkose risk score or presence of custom attribute with 'assumed_high_risk_reason' key)

The following methods are moved:

1. assume_high_risk!
2. assumed_high_risk?
3. arkose_risk_band (now private)
4. low_risk? - replaces case arkose_risk_band ... when Arkose::VerifyResponse::RISK_BAND_LOW.downcase
5. medium_risk? - replaces case arkose_risk_band ... when Arkose::VerifyResponse::RISK_BAND_MEDIUM.downcase
6. high_risk? - replaces arkose_high_risk? and case arkose_risk_band ... when Arkose::VerifyResponse::RISK_BAND_HIGH.downcase
7. arkose_verified? - replaces @user.arkose_risk_band.blank?

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.