Description
Goes along with statamic/cms#13880
Statamic uses rebing/graphql-laravel under the hood, which supports disabling introspection via graphql.security.disable_introspection. However, Statamic's config/statamic/graphql.php does not expose this setting.
Currently, users must either call config() manually in their AppServiceProvider or publish the full config/graphql.php from the rebing package (which breaks Statamic's auto-configuration of the GraphQL schema). Neither is ideal, and introspection enabled in production is a known security concern.
Proposed solution: Add a security.disable_introspection option to config/statamic/graphql.php, controllable via a STATAMIC_GRAPHQL_INTROSPECTION_DISABLED env variable, and forward it to the rebing config in the existing ServiceProvider boot logic.
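A sketch of the proposed change, added here as an illustration rather than code from the statamic/cms pull request itself. The key name `security.disable_introspection`, the `STATAMIC_GRAPHQL_INTROSPECTION_DISABLED` variable and the `graphql.security.disable_introspection` target key come from the description above; the exact service provider class and the position inside its `boot()` method are assumptions.

```php
<?php
// Part 1: config/statamic/graphql.php (excerpt, only the new key is shown).
// Any other existing Statamic GraphQL settings would sit alongside 'security'.
return [
    'security' => [
        // When true, __schema / __type introspection queries are rejected, so
        // anonymous clients cannot enumerate the full schema in production.
        // Defaults to false to keep the current behaviour for existing sites.
        'disable_introspection' => env('STATAMIC_GRAPHQL_INTROSPECTION_DISABLED', false),
    ],
];

// Part 2: forwarding step inside the boot() logic of the Statamic service
// provider that already configures rebing/graphql-laravel (class name assumed).
// rebing reads its own key, so the Statamic value is copied across at boot.
function forwardIntrospectionSetting(): void
{
    $disabled = (bool) config('statamic.graphql.security.disable_introspection', false);

    config(['graphql.security.disable_introspection' => $disabled]);
}
```

To confirm the setting took effect on a deployed site, send a `{ __schema { types { name } } }` query to the GraphQL endpoint: with the variable set to `true` it should come back as a validation error instead of the type list.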