Events API only includes events associated with a project

Summary

The Events API is supposed to return all events for the specified params, but always filters for events associated with a project.

Steps to reproduce

1. Create an epic or personal snippet, and comment on them.
2. See the events appear in the user's Activity stream.\
   • created and commented for epics.
   • commented for personal snippets.
3. Query the Events API (either the /events or /users/:id/events endpoint) and see the events missing.

What is the current bug behavior?

Events not associated with a project are excluded.

What is the expected correct behavior?

Events not associated with a project are included.

Output of checks

This bug happens on GitLab.com

Possible fixes

We're doing an INNER JOIN projects when checking project permissions at https://gitlab.com/gitlab-org/gitlab/blob/a86cedf891969173aaa45716c370fab08a8f7782/app/finders/events_finder.rb#L63, which means all events without a project_id are excluded.

We should instead use a LEFT JOIN and change the query so the permission check only applies to project events. We should also add any necessary checks for group or user namespace access.