Allow public access to some Project API endpoints

What does this MR do?

This opens up a few endpoints in the Project API:

• GET /projects/visible (returns public projects only)
• GET /projects/search/:query (returns results only for public projects)
• GET /projects/:id (only if the project is public)
• GET /projects/:id/events (only if the project is public)
• GET /projects/:id/users (only if the project is public)

Are there points in the code the reviewer needs to double check?

I've chosen to explicitly add authenticate! to GET methods that still need a current user.

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated
• API support added
• Tests
  • Added for this feature/bug
  • All builds are passing

Part of #4269 (closed)