Extend admin mode feature: limit API access of admin user PATs

A natural extension of the admin mode feature is to limit the access level of administrator's PATs.

Our initial idea is to:

• Add an additional option Admin Mode within https://gitlab.com/profile/personal_access_tokens, default to off
• When creating a new PAT, if on then the token can use admin privileges (enforced via policies with the admin mode feature), otherwise regular user permissions apply
• sudo scope can not be chosen if Admin Mode is off

Potentially also apply the same idea to https://gitlab.com/profile/applications and https://gitlab.com/admin/applications. Also consider that applications might not even require admin mode at all (is there use cases for this?)

We at Siemens commit to develop this extension as soon as the admin mode feature goes GA.

Originally discussed in #35717 (comment 258121077)

/cc @reprazent @ifarkas @bufferoverflow @cbacharakis