Document implicit group permissions when member of a project

When a user is a member of a project under a group, we give the user access to the group.

So even if the group was private and the user is not a member, they will be able to view the group and view issues / boards but scoped only to the projects he has access to.

We should document this behavior since it has caused confusion even internally.

https://gitlab.com/gitlab-org/gitlab-ce/issues/38843#note_147621561