
Repository import still allows importing branches named with 40 hexadecimal characters

Related to previously closed issue #361179.

As flagged by @proglottis in https://gitlab.com/gitlab-org/security/gitlab/-/issues/714#note_1092057356, it is still possible to perform a repository import and end up with a branch whose name is 40 hexadecimal characters (i.e. one that looks like a full commit SHA).

When importing by URL, the after_import method is still called, but remove_prohibited_branches returns early because exists? returns false. That looks like a stale cached value: the repository does exist at this point, so exists? should be true.

Potential solution

Perhaps these two method calls are in the wrong order:

def after_import
    repository.remove_prohibited_branches  # returns early while exists? is still the cached false
    repository.expire_content_cache        # only now is the stale cached value dropped
...
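To make the ordering problem concrete, here is an added toy illustration (not GitLab's code, and the class names, the memoised exists? cache and the sample branch names are all constructed assumptions). It models a repository whose exists? answer is cached before the import fetches any data, so remove_prohibited_branches skips its work unless the cache is expired first:

```ruby
# Added illustration, not GitLab's code: a toy repository whose exists?
# result is memoised (as the issue suspects the real repository cache is),
# to show why remove_prohibited_branches must run after the cache expires.
class ToyRepository
  HEX40 = /\A\h{40}\z/ # a branch name that looks like a full commit SHA

  attr_reader :branches

  def initialize
    @branches = []
    @cache = {}
  end

  # First answer is computed once and then served from the cache, so an
  # early "false" sticks around even after branches have been fetched.
  def exists?
    @cache.fetch(:exists) { @cache[:exists] = !@branches.empty? }
  end

  def expire_content_cache
    @cache.clear
  end

  # Stands in for the fetch that happens during an import by URL.
  def import!(branch_names)
    @branches.concat(branch_names)
  end

  # Returns early when the repository does not appear to exist; this is
  # the code path the issue describes. Returns the removed names otherwise.
  def remove_prohibited_branches
    return :skipped unless exists?

    removed = @branches.select { |name| name.match?(HEX40) }
    @branches -= removed
    removed
  end
end

# The two orderings of after_import discussed in the issue.
def after_import_buggy(repo)
  repo.remove_prohibited_branches # sees the stale cached false and skips
  repo.expire_content_cache
end

def after_import_fixed(repo)
  repo.expire_content_cache       # drop the stale answer first
  repo.remove_prohibited_branches # now sees the branches and removes them
end

# Constructed sample input: two ordinary branches plus one 40-hex-character name.
SAMPLE_BRANCHES = ['main', 'feature/x', 'a' * 40].freeze

# Runs one import end to end and returns the branches left afterwards.
def run_import(after_import)
  repo = ToyRepository.new
  repo.exists?                    # primes the cache with false, before any data arrives
  repo.import!(SAMPLE_BRANCHES)
  after_import.call(repo)
  repo.branches
end

if __FILE__ == $PROGRAM_NAME
  p run_import(method(:after_import_buggy)) # the SHA-like branch survives
  p run_import(method(:after_import_fixed)) # only "main" and "feature/x" remain
end
```

With the buggy ordering the 40-hexadecimal-character branch is still present after import; with the cache expired first, it is removed. In the real code base the check to add is a test that imports a repository containing such a branch name and asserts it is gone after after_import runs.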