GitLab 11.2 limited the time-to-live (TTL) of unauthenticated sessions
via https://gitlab.com/gitlab-org/gitlab/merge_requests/6586 using
`before_action` in `ApplicationController`. However, this broke OAuth2
logins, which set the `current_user` **after** a login is successful, so
we moved it to an `after_action` in
https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/21144.

However, anonymous users attempting to access a private or internal
project would be redirected to the sign-in page with a long session
time. This happened because `ApplicationController#route_not_found`
would be called by `find_routable!` when a user did not have access to
the project.

To fix this, we bring back the `before_action` and add a check in
`after_action` to bump up the session time if there is a user.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/340967

Changelog: fixed