Address organization_id foreign key for ai_settings

Summary

The ai_settings table, which has a single row per instance, is currently used to store instance-wide AI settings.

Because some these settings are associated with user and oauth application records, and users will be unique per-organization, the ai_settings table needs to have an organization_id foreign key.

https://docs.gitlab.com/development/organization/

Tasks

1. organization_id foreign key added to ai_settings
2. Add uniqueness validation so that only one column per organization_id is allowed in the ai_settings table
3. Remove SingletonRecord from the Ai::Setting model because this is no longer a singleton, there may be multiple rows for different organizations.
4. Value of organization_id backfilled via background database migration to match the default/primary organization for the instance.
5. Drop the singleton column and related index.
6. [THIS CAN POTENTIALLY BE SKIPPED IF WE THINK THAT DUO WORKFLOW ONLY NEEDS TO WORK ON THE DEFAULT CELL FOR NOW] Update the Duo Workflow onboarding logic so that it no longer requires manual action by an admin to create the Duo Workflow Service Account and OAuth app. Instead, implement the suggestion in this thread so that these attributes are automatically added to the database the first time that a user invokes Duo Workflow with composite identity in the cell.

Related links

Discovered in !186387 (merged)