Fix scope of GET /projects/:id/runners endpoint
In the GET /projects/:id/runners REST API endpoint, we're not taking the following setting into account, and are therefore potentially returning runners that the user doesn't have access to:
We should fix the Ci::Runner.owned_or_instance_wide
scope so that it doesn't return group runners unless project.group_runners_enabled?
is true.