This depends a lot on the solutions, and this varies from one implementation to the next. Some allow the login provided to bind - just like you mentioned, and others require a login for the initial bind request which is what gitlab requires.
However, putting these details in the file are not as high a security risk than you think. You provide a login which has the minimal amount of privileges which means it limits what they can do “if” they were obtained. However, this is unlikely since the gitlab.rb file only has root privileges, which means no-one is going to be able to see these details unless they have the root login in the first place. You can see that here:
-rw------- 1 root root 70K Jul 24 2019 gitlab.rb
as you can see, the permissions are 600. Therefore, it’s perfectly fine to do this, providing that your server is secured and root access on the server is limited. And even if someone did get it, you’ve limited what the login can do anyway because it only has read-only access to the AD/LDAP directory.
Gitlab isn’t the only application that integrates AD/LDAP this way, there are plenty of other commercial solutions that do it this way. And anonymous bind is definitely not advisable, it’s much more secure to do it with a read-only access login.