Respect DefaultUserIsRestricted system default when creating new user

[jpraet]

The DefaultUserIsRestricted system configuration options is not always enforced when creating a new user.

This PR configures the system defaults in user_model.CreateUser, and also enhances the CreateUserOverwriteOptions to allow overwriting the system defaults when needed.

Note that the RegisterEmailConfirm and RegisterManualConfirm are also not enforced in most places.
Normalization of these settings has been taken out of the scope of this PR.

[jpraet]

There are a lot of places where IsActive is currently set to true instead of
!(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm).
I'm not sure which of these need to remain true by design?

[codecov-commenter]

Codecov Report

Merging #19310 (a8dc6ec) into main (d242511) will decrease coverage by 0.11%.
The diff coverage is 41.66%.

❗ Current head a8dc6ec differs from pull request most recent head ee95d3e. Consider uploading reports for the commit ee95d3e to get more accurate results

@@            Coverage Diff             @@
##             main   #19310      +/-   ##
==========================================
- Coverage   47.51%   47.39%   -0.12%     
==========================================
  Files         944      949       +5     
  Lines      131549   132139     +590     
==========================================
+ Hits        62500    62623     +123     
- Misses      61541    61974     +433     
- Partials     7508     7542      +34     

Impacted Files	Coverage Δ
cmd/admin.go	0.00% <0.00%> (ø)
cmd/serv.go	2.33% <0.00%> (-0.06%)	⬇️
models/action.go	48.61% <0.00%> (ø)
models/error.go	36.46% <ø> (-0.03%)	⬇️
models/issue_label.go	68.02% <0.00%> (ø)
models/issue_lock.go	0.00% <0.00%> (ø)
models/issue_project.go	31.70% <0.00%> (ø)
models/pull.go	55.81% <0.00%> (ø)
models/statistic.go	0.00% <0.00%> (ø)
models/unittest/testdb.go	15.50% <0.00%> (-0.13%)	⬇️
... and 121 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 72479bf...ee95d3e. Read the comment docs.

[jpraet]

Could anyone advise on where setting.Service.RegisterEmailConfirm and/or setting.Service.RegisterManualConfirm can be bypassed and where they cannot?

[lunny]

Could anyone advise on where setting.Service.RegisterEmailConfirm and/or setting.Service.RegisterManualConfirm can be bypassed and where they cannot?

I think gitea command line could ignore these options. Otherwise they should be obey.

[lafriks]

I don't really think external authentication sources should obey to these rules also, probably they could have option to them to added then to activate user or not but currently I don't think that's a good idea to have to activate them

[jpraet]

My initial reason for this PR was that DefaultUserIsRestricted is currently not taken into account in multiple places where new user accounts are created.

When discussing this on discord @zeripath mentioned "you might wanna check isManualConfirm too - appears I may have missed some", so I broadened the scope to also look into RegisterEmailConfirm and RegisterManualConfirm as well.

But it looks like there's no consensus as to where these settings should apply?

[jpraet]

Should I maybe leave the RegisterEmailConfirm and RegisterManualConfirm settings AS-IS, and only address DefaultUserIsRestricted in this PR?

[lunny]

Should I maybe leave the RegisterEmailConfirm and RegisterManualConfirm settings AS-IS, and only address DefaultUserIsRestricted in this PR?

I'm OK for that.

[lafriks]

Why default theme is removed?

[jpraet]

Already applied by default in CreateUser:

gitea/models/user/user.go

Line 646 in 5574ad1

u.Theme = setting.UI.DefaultTheme