Tan Le authored
There are two layers of authentication for OAuth. Once the user is successfully authenticated with the OAuth provider, GitLab will check whether the synced identity is blocked before allowing access to our application. The current audit log instrumentation on `sign_in_user_flow` does not correctly intercept failed authentication from the OAuth provider. It is too late and is rather used to capture the GitLab failed authentication step. This change ensures the audit intercepts the `failure` action, which is invoked on a failed OAuth provider callback.
4ffc525d