* Splay the start by sleeping up to one minute.
* Adjust sideikiq retries to try up to approximately three hours.
* Randomize the minute fully within the hour.
* Psudo-randomize the day of the week based on the instance UUID.

This copies over EE-specific changes to shared configuration files in
CE.

To make this happen, we need to conditionally add the group_saml
strategy when running tests, but only on EE. This requires some changes
to Gitlab.ee? so that it can be used before/without loading the Rails
environment. We also have to change how we require a few files, so this
can run outside of Rails.

attr_encrypted does different things with `key` depending on what mode you are using:

1. In `:per_attribute_iv_and_salt` mode, it generates a hash with the salt:
https://github.com/attr-encrypted/encryptor/blob/c3a62c4a9e74686dd95e0548f9dc2a361fdc95d1/lib/encryptor.rb#L77.
There is no need to truncate the key to 32 bytes here.

2. In `:per_attribute_iv` mode, it sets the key directly to the password, so
truncation to 32 bytes is necessary.

Closes #47166

[ci skip]

Fixes that make this work:

* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.

* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>

Signed-off-by: Rémy Coutable <remy@rymai.me>