User admin approval - Default for new instances

What does this MR do?

The default setting for newly created settings is to allow user registration. In order to increase security, we should make the admin approval workflow the default for any newly created instances. Settings for existing instances should not be changed.

Ran a migration to change column default, which broke some tests that currently assume that user has permission to register without admin approval, so stubbed require_admin_approval_after_user_signup: false for those tests.

% rails db:migrate
== 20201107032257 AddDefaultTrueRequireAdminApprovalAfterUserSignupToApplicationSettings: migrating 
-- change_column_default(:application_settings, :require_admin_approval_after_user_signup, {:from=>false, :to=>true})
   -> 0.0352s
== 20201107032257 AddDefaultTrueRequireAdminApprovalAfterUserSignupToApplicationSettings: migrated (0.0396s) 

rake db:migrate:status shows that 20201107032257 AddDefaultTrueRequireAdminApprovalAfterUserSignupToApplicationSettings is 5th from latest migration, so add STEP=5 to the rollback:

% rails db:rollback STEP=5
== 20201107032257 AddDefaultTrueRequireAdminApprovalAfterUserSignupToApplicationSettings: reverting 
-- change_column_default(:application_settings, :require_admin_approval_after_user_signup, {:from=>true, :to=>false})
   -> 0.0343s
== 20201107032257 AddDefaultTrueRequireAdminApprovalAfterUserSignupToApplicationSettings: reverted (0.0343s) 

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers
• Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team

Related to #267568 (closed)