Refactor RoutableActions to allow additional not_found checks

What does this MR do?

• Adds test coverage for RoutableActions
• Refactors the not_found_or_authorized_proc handling to allow additional checks.

Why

These CE changes evolved out of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/12246

Allows us to handle resource level access restrictions differently depending on the circumstance. E.g. if we restricted access to a group/project by IP address we might want to show a warning page to explain why access was denied.

Further changes

We might wish to move the external authorization proc to this approach, instead of having to pass it in everywhere we do find_routable!(Project, ...).