Group managed accounts should not be publicly visible

Overview

In &709 (closed), we're adding the concept of a "Group Managed Account".

By default, we treat all users in GitLab as public (in API calls like getting all users and in the member auto-complete). Since group managed accounts are intended to be used with a single group (and thus rendered inaccessible if the user leaves the organization), we should consider removing group managed accounts from these publicly available areas.

Proposal

  • Group managed accounts should not be available in user API calls that do not require authentication.
  • Group managed accounts should be available in API calls if the executor is an authenticated/authorized member of the group.
  • We should handle auto-complete and user profiles in a similar fashion; these users are not available unless the executor is a member of the group, at which point they would be able to access member information for members in that group. Group Managed Account user profiles should return a 404 when users who are neither Instance Administrators nor members of the Managed Group try to view them.
Edited Apr 16, 2020 by Luca Kisielius
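
The visibility rules proposed above, as an added sketch that is not GitLab's code: one predicate is shared by the user listing, auto-complete, and profile lookup so the three cannot drift apart. The `User` struct, `managed_by` field, function names, and sample users are all hypothetical.

```ruby
# Hypothetical model, not GitLab's own classes. managed_by holds the id of the
# managing group, or nil for a regular (public) user.
User = Struct.new(:username, :admin, :managed_by, :group_ids, keyword_init: true)

# Core rule: a group managed account is visible only to members of its
# managing group and to instance administrators.
def visible_to?(viewer, target)
  return true if target.managed_by.nil?   # regular users stay public
  return false if viewer.nil?             # unauthenticated API call
  return true if viewer.admin             # instance administrator
  viewer.group_ids.include?(target.managed_by)
end

# User listing and member auto-complete share the same filter, so a hidden
# account cannot be found by prefix search either.
def list_users(viewer, users, query = "")
  users.select { |u| u.username.start_with?(query) && visible_to?(viewer, u) }
       .map(&:username)
end

# Profile lookup: a hidden account and a nonexistent one both yield 404, so
# the status code does not tell the two apart.
def profile_status(viewer, users, username)
  target = users.find { |u| u.username == username }
  target && visible_to?(viewer, target) ? 200 : 404
end

# Constructed sample data: group 1 is the managed group, bob is managed by it.
ALICE = User.new(username: "alice", admin: false, managed_by: nil, group_ids: [1])
BOB   = User.new(username: "bob",   admin: false, managed_by: 1,   group_ids: [1])
CAROL = User.new(username: "carol", admin: false, managed_by: nil, group_ids: [2])
ROOT  = User.new(username: "root",  admin: true,  managed_by: nil, group_ids: [])
USERS = [ALICE, BOB, CAROL, ROOT].freeze

if __FILE__ == $PROGRAM_NAME
  puts "anonymous listing: #{list_users(nil, USERS).inspect}"
  puts "group member listing: #{list_users(ALICE, USERS).inspect}"
  puts "outsider views bob: #{profile_status(CAROL, USERS, 'bob')}"
end
```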