Geo: Proxy Git push over SSH via Workhorse, not Rails

Problem

See &8819 (closed)

Proposal

&8819 (comment 1230815146):

Make gitlab-shell call the appropriate route on the secondary Workhorse to let the "new" proxying behavior handle the proxying, instead of calling the proxy_git_ssh routes, which are proxied by Rails.

Before

sequenceDiagram
    participant C as Git on client
    participant S as GitLab Shell
    participant I as Workhorse & Rails
    participant P as Workhorse & Rails

    Note left of C: git fetch
    Note over S,I: Secondary site
    Note over P: Primary site
    C->>+S: ssh git receive-pack request
    S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
    I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo}
    S->>I: POST /api/v4/geo/proxy_git_ssh/info_refs_receive_pack
    I->>P: POST $PRIMARY/foo/bar.git/info/refs/?service=git-receive-pack
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>C: return Git response from primary
    C-->>S: stream Git data to push
    S->>I: POST /api/v4/geo/proxy_git_ssh/receive_pack
    I->>P: POST $PRIMARY/foo/bar.git/git-receive-pack
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>-C: gitlab-shell receive-pack response

After

sequenceDiagram
    participant C as Git on client
    participant S as GitLab Shell
    participant I as Workhorse & Rails
    participant P as Workhorse & Rails

    Note left of C: git fetch
    Note over S,I: Secondary site
    Note over P: Primary site
    C->>+S: ssh git receive-pack request
    S->>I: SSH key validation (api/v4/internal/authorized_keys?key=..)
    I-->>S: HTTP/1.1 300 (custom action status) with {endpoint, msg, primary_repo}
    S->>I: POST /-/push_from_secondary/2/foo/bar.git/info/refs/?service=git-receive-pack
    I->>P: Proxy to primary
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>C: return Git response from primary
    C-->>S: stream Git data to push
    S->>I: POST /-/push_from_secondary/2/foo/bar.git/git-receive-pack
    I->>P: Proxy to primary
    P-->>I: HTTP/1.1 200 OK
    I-->>S: <response>
    S-->>-C: gitlab-shell receive-pack response

Note that this proposal is different from a previous initial attempt to proxy via Workhorse which was abandoned:

The difference is that today, we can take advantage of the Workhorse proxying pieces already in place (https://docs.gitlab.com/ee/administration/geo/secondary_proxy/index.html), which allow Workhorse to proxy the stream to the primary instead of copying it. However, this proposal doesn't resolve the fact that gitlab-shell already holds a copy.

Edited by Michael Kozono
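
An added sketch of the "After" flow, not GitLab's Workhorse or gitlab-shell code: a secondary-side handler accepts only the /-/push_from_secondary/ route and hands the request to the primary through Go's httputil.ReverseProxy, which forwards the body as a stream rather than holding a copy. Stripping the route prefix and the segment after it before forwarding, the helper names, and the sample requests are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// Route prefix from the "After" diagram; the page does not say what the "2" after it identifies.
const pushPrefix = "/-/push_from_secondary/"
// newSecondary streams matching requests to the primary. Assumption: prefix and next segment are stripped.
func newSecondary(primary *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(primary)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		rest := strings.TrimPrefix(r.URL.Path, pushPrefix)
		i := strings.IndexByte(rest, '/')
		if rest == r.URL.Path || i < 1 || len(rest) == i+1 || strings.Contains(rest, "..") {
			http.NotFound(w, r) // off-route or malformed paths are never forwarded
			return
		}
		r.URL.Path, r.URL.RawPath = rest[i:], ""
		proxy.ServeHTTP(w, r)
	})
}

// demo replays the diagram's two POSTs and one malformed path; returns what the primary saw and the statuses.
func demo() (seen []string, statuses []int) {
	primary := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		n, _ := io.Copy(io.Discard, r.Body)
		seen = append(seen, fmt.Sprintf("%s %s %d", r.Method, r.URL.RequestURI(), n))
	}))
	defer primary.Close()
	target, _ := url.Parse(primary.URL) // httptest always yields a valid URL
	for _, rq := range [][2]string{ // {path, constructed body}
		{pushPrefix + "2/foo/bar.git/info/refs/?service=git-receive-pack", ""},
		{pushPrefix + "2/foo/bar.git/git-receive-pack", "constructed pack data"},
		{pushPrefix + "2", ""},
	} {
		rec := httptest.NewRecorder()
		newSecondary(target).ServeHTTP(rec, httptest.NewRequest("POST", rq[0], strings.NewReader(rq[1])))
		statuses = append(statuses, rec.Code)
	}
	return seen, statuses
}

func main() { fmt.Println(demo()) }
```

The malformed third request is answered on the secondary and never reaches the primary, so the forwarding surface stays limited to the push route.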