Simplify session with trust check to only consider user

[aduth]

🛠 Summary of changes

Replaces session_with_trust? with user_signed_in?, removing consideration of current page.

Users::SessionController#new cannot be visited if a user is present (source), so the second part of this condition is redundant.

This also fixes an issue obfuscated by previous tests where the return value was not always a boolean but could instead return the full user object when present. It now always returns a boolean. Edit: Removed helper altogether in b2cb5a9.

📜 Testing Plan

Verify DAP is loaded only if signed out.

1. Set participate_in_dap: true in config/application.yml
2. Visit http://localhost:3000
3. Inspect page to verify DAP is present
4. Click "Forgot your password?"
5. Inspect page to verify DAP is present
6. Return to http://localhost:3000
7. Click "Create an account"
8. Inspect page to verify DAP is present
9. Return to http://localhost:3000
10. Sign in
11. Inspect page to verify DAP is NOT present

[aduth]

I had a misunderstanding of the purpose of page_with_trust? here. The idea is to default to considering a page "trusted" to catch additional scenarios where a user may not be considered signed-in, but we still do not want to render DAP (e.g. new user confirmation).

In practice, this means that DAP is really only rendered on the "Sign In" page.

I think this should still be simplified, but I'm inclined to either (a) target the new session page more precisely (e.g. variable assigned from the controller action) or (b) reuse parts of #10292 if we want to generalize this idea of a "public, crawlable page".