Merge branch 'project-existence-leak' into 'master'
Don't leak information about private project existence via Git-over-SSH/HTTP. Fixes #2040 and #343. Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it. See merge request !1578
Showing with 196 additions and 41 deletions