feat: add GDPR consent status policies and validations

[Ang-m4]

Description

This pull request adds GDPR consent tracking to the learner model, allowing course enrollments to validate whether the current user has accepted the corresponding consent before enrolling in catalog courses.
When GDPR consent is declined, the user is unenrolled (deactivated) from the current catalog as intended in the use case.

Key changes

• Added two new fields to the CatalogLearner model:
  • gdpr_consent_status – stores the current consent state for the learner.
  • gdpr_consent_updated_at – stores the timestamp of the last consent change.
    Including the corresponding migrations and admin updates.
• Added learner endpoints to accept and decline GDPR consent under the .../gdpr_consent URL.
• Added enrollment validation so the user must have an accepted GDPR consent status before enrolling in a catalog course.
• Added support to deactivate (withdraw) GDPR consent via gdpr_consent_status, and trigger the corresponding deactivation of the learner’s catalog enrollment when consent is declined.

How to test

1. Make sure you have:
   • A catalog with at least one course.
   • A learner associated to that catalog (as a CatalogLearner).
2. As that learner, try to enroll in a catalog course without accepting GDPR:
   • The enrollment request should be rejected due to missing GDPR consent.
3. Call the GDPR consent accept endpoint under .../gdpr_consent for that catalog/learner:
   • Verify that gdpr_consent_status is set to the expected “accepted” value.
   • Verify that gdpr_consent_updated_at is updated.