Accessing public project using another's project job token causes 403 error. That's because once the new public project is created, its project_feature.package_registry_access_level is set to ProjectFeature::ENABLED. However, we expect it to be ProjectFeature::PUBLIC to grant the user the :read_package permission.

In this MR, we add a new condition in the Packages::Policies::ProjectPolicy to grant the :read_package ability if the project is public and its package_registry_access_level is ProjectFeature::ENABLED.

Changelog: fixed