GraphQL Type authorization
What does this MR do?
Enables authorizations to be defined on GraphQL Types.
A single permission:
    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end
A collection of permissions:
    module Types
      class ProjectType < BaseObject
        authorize [:read_project, :another_permission]
      end
    end
Type and Field authorizations together
Permissions are cumulative, so where permissions are defined in both the Type and the Field:
    class UserType
      authorize :some_permission
    end

    class IssueType
      field :author, UserType, authorize: :another_permission
    end
The currently authenticated user would need both permissions on the User.
Connection authorizations
Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node.
What are the relevant issue numbers?
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Security reports checked/validated by reviewer
Edited by Luke Duncalfe
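
The cumulative Type and Field check and the connection edges->node lookup described in this MR, modelled in plain Ruby as an added example. It is not GitLab's implementation and not part of the original MR: `BaseObject` here is a stand-in class, and `Field`, `connection_of`, `required_permissions` and `authorized?` are hypothetical names.

```ruby
# Simplified model for illustration only; no graphql-ruby dependency.
class BaseObject
  # Accepts a single permission or a collection, as in the MR description.
  def self.authorize(*perms)
    (@permissions ||= []).concat(perms.flatten)
  end

  def self.permissions
    @permissions || []
  end
end

class UserType < BaseObject
  authorize :some_permission
end

# A connection modelled as nested hashes: connection -> edges -> node.
def connection_of(node_type)
  { edges: { node: node_type } }
end

Field = Struct.new(:name, :type, :authorize) do
  # For a connection field, dig to the node type at edges -> node.
  def node_type
    type.is_a?(Hash) ? type.dig(:edges, :node) : type
  end

  # Cumulative: permissions from the Type plus permissions from the Field.
  def required_permissions
    (node_type.permissions + Array(authorize)).uniq
  end

  # Fail closed: every required permission must be in the granted set.
  def authorized?(granted)
    required_permissions.all? { |perm| granted.include?(perm) }
  end
end

# Constructed sample fields mirroring the IssueType example above.
AUTHOR = Field.new(:author, UserType, :another_permission)
PARTICIPANTS = Field.new(:participants, connection_of(UserType), nil)

puts AUTHOR.required_permissions.inspect
puts AUTHOR.authorized?([:another_permission])
puts PARTICIPANTS.required_permissions.inspect
```

Holding only the Field permission is not enough for `author`, and the connection field still inherits the node Type's permission even though it declares none of its own.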