Write exhaustive tests around project policy

In https://gitlab.com/gitlab-org/gitlab-ee/issues/12787#note_193244051 we noticed that making some changes to the ProjectPolicy didn't cause failures in project_policy_spec.rb.

We would need to ensure that the following tests are explicitly added to project_policy_spec.rb.

When project access level is PRIVATE

> p = Project.first
> p.public_builds
=> true

# project has PRIVATE access level (10) for all features
> p.project_feature
=> #<ProjectFeature:0x00007fa1cd564728
 id: 1,
 project_id: 1,
 merge_requests_access_level: 10,
 issues_access_level: 10,
 wiki_access_level: 10,
 snippets_access_level: 10,
 builds_access_level: 10,
 created_at: Thu, 06 Jun 2019 14:09:11 UTC +00:00,
 updated_at: Tue, 16 Jul 2019 14:32:51 UTC +00:00,
 repository_access_level: 10,
 pages_access_level: 10>

# unauthenticated user
> ProjectPolicy.new(nil, p).allowed?(:read_build)
=> false

# user logged in but no access to the project
> ProjectPolicy.new(u, p).allowed?(:read_build)
=> false

# guest user
> guest = User.last
> p.add_guest(guest)
> ProjectPolicy.new(guest, p).allowed?(:read_build)
=> true

Unless we add a user as a guest, we don't allow :read_build even if public_builds = true.

When project access level is INTERNAL

> p.project_feature.update!(merge_requests_access_level: 20, issues_access_level: 20, wiki_access_level: 20, snippets_access_level: 20, builds_access_level: 20, repository_access_level: 20)

# allows guest users
> ProjectPolicy.new(guest, p).allowed?(:read_build)
=> true

# prevents unauthenticated users
> ProjectPolicy.new(nil, p).allowed?(:read_build)
=> false

When project access level is PUBLIC

> p.visibility_level = Project::PUBLIC
=> 20
> p.save!
=> true
> p.project_feature.update!(merge_requests_access_level: 20,  builds_access_level: 20, repository_access_level: 20)

# unauthenticated user is allowed
> ProjectPolicy.new(nil, p).allowed?(:read_build)
=> true

# any user logged in
> ProjectPolicy.new(u, p).allowed?(:read_build)
=> true

These seem to match exactly the expectations when public builds are enabled. However, it would be good to see more exhaustive testing around these permissions because the ProjectPolicy specs don't cover these scenarios with public builds well. That's why, after changing the policy, none of the tests failed.
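
A table-driven sketch of the exhaustive check described above, added here as an example and not taken from project_policy_spec.rb. It lists every setup/user cell, reports the cells with no recorded expectation, and shows a simulated policy change passing a narrow spec but failing the full matrix. BASELINE, MUTANT and the setup/user labels are hypothetical stand-ins, not GitLab's ProjectPolicy.

```ruby
# Added example: BASELINE and MUTANT are hypothetical stand-ins, not GitLab's ProjectPolicy.
SETUPS = %i[private internal public].freeze # the three project setups above
USERS  = %i[anonymous non_member guest].freeze

# allowed?(:read_build) results recorded in the console sessions above
# (public_builds = true throughout).
RECORDED = {
  [:private,  :anonymous]  => false,
  [:private,  :non_member] => false,
  [:private,  :guest]      => true,
  [:internal, :guest]      => true,
  [:internal, :anonymous]  => false,
  [:public,   :anonymous]  => true,
  [:public,   :non_member] => true
}.freeze

# Stand-in for the policy under test; it reproduces every recorded result.
BASELINE = lambda do |setup, user|
  case user
  when :guest      then true
  when :anonymous  then setup == :public
  when :non_member then setup != :private # :internal outcome is an assumption
  end
end

# Simulated policy change: anonymous users gain access one setup too early.
MUTANT = lambda do |setup, user|
  user == :anonymous ? setup != :private : BASELINE.call(setup, user)
end

# A spec that only exercises the PUBLIC setup.
NARROW_SPEC = RECORDED.keys.select { |setup, _user| setup == :public }

# Cells of the full setup x user matrix with no recorded expectation.
def uncovered_cells
  SETUPS.product(USERS) - RECORDED.keys
end

# Cells (limited to `cells`) where `policy` disagrees with the recorded result.
def failures(policy, cells = RECORDED.keys)
  RECORDED.slice(*cells)
          .reject { |(setup, user), expected| policy.call(setup, user) == expected }
          .keys
end

if __FILE__ == $PROGRAM_NAME
  puts "no expectation recorded for: #{uncovered_cells.inspect}"
  puts "narrow spec vs mutant: #{failures(MUTANT, NARROW_SPEC).inspect}"
  puts "full matrix vs mutant: #{failures(MUTANT).inspect}"
end
```
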
