We handle permissions incorrectly in the milestones resolver

Our guidance is that resolvers do not raise for missing permissions, but instead we must return null.

This is violated in the milestones resolver, which performs permission checks up-front (good!) and then raises (bad!).

Instead we should just use a field authorization for these resolvers.