Can add an existing group member into a group project with new permissions but permissions are not overridden
Summary
When adding an existing group member into a project with different permissions, the permissions are not overridden.
Steps to reproduce
- In a group add a member Z with maintainer permission
- In the same group, create a project and add member Z with guest permission
- Protect the master branch so that only members with maintainer permission can push
- Ask member Z to push to the master branch
Example Project
Tested it on https://gitlab.com/my-super-duper-awesome-group/my-super-duper-awesome-group.gitlab.io
What is the current bug behavior?
Member Z is able to push to the master branch
What is the expected correct behavior?
Since the functionality is to not override member permissions in group projects[1], we shouldn't be able to add existing members with a lower project-specific role if they're inheriting from a parent group.
Since projects inherit roles from their parent group, we shouldn't allow the setting of a "lower" role in one of these projects. In the scenario in the description, we should present an error in the UI and not allow the member's role to be set below Maintainer.
Edited by Jeremy Watson (ex-GitLab)
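The behaviour reported above, as an added example that is not GitLab's code and not part of the original issue: a model of the effective role as the higher of the inherited group role and the direct project role, the validation the issue asks for, and an audit that lists project memberships whose configured role is shadowed by a higher group role. The function names and membership data are hypothetical and constructed; the numeric values are GitLab's documented access levels.

```ruby
# Added example, not GitLab source code. Function names are hypothetical.
# Numeric values are GitLab's documented access levels.
ACCESS = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

# Effective role = highest of the inherited group role and the direct project role.
def effective_role(group_role, project_role)
  [group_role, project_role].compact.max_by { |r| ACCESS.fetch(r) }
end

# Validation requested in the issue: a direct project role below the inherited
# group role is rejected. Returns nil when valid, otherwise an error message.
def project_role_error(group_role, project_role)
  return nil if group_role.nil?
  return nil if ACCESS.fetch(project_role) >= ACCESS.fetch(group_role)
  "role must be at least #{group_role} (inherited from parent group)"
end

# Protected-branch check: may this member push when min_role is required?
def can_push?(group_role, project_role, min_role)
  role = effective_role(group_role, project_role)
  !role.nil? && ACCESS.fetch(role) >= ACCESS.fetch(min_role)
end

# Audit: direct project memberships whose configured role has no effect
# because the member inherits a higher role from the parent group.
def shadowed_memberships(group_members, project_members)
  project_members.map do |user, project_role|
    next if project_role_error(group_members[user], project_role).nil?
    { user: user, configured: project_role, effective: group_members[user] }
  end.compact
end

# Constructed sample data mirroring the steps to reproduce (member "z").
GROUP_MEMBERS   = { "z" => :maintainer, "y" => :reporter }.freeze
PROJECT_MEMBERS = { "z" => :guest, "y" => :developer, "x" => :guest }.freeze

if __FILE__ == $PROGRAM_NAME
  shadowed_memberships(GROUP_MEMBERS, PROJECT_MEMBERS).each do |m|
    puts "#{m[:user]}: configured #{m[:configured]}, effective #{m[:effective]}"
  end
  puts "z can push to protected branch: " \
       "#{can_push?(GROUP_MEMBERS['z'], PROJECT_MEMBERS['z'], :maintainer)}"
end
```

Running the audit over real membership exports shows where the project member list displays a lower role than the one access checks will actually use.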