Add authorization checks to import status endpoint
The GET /api/v4/projects/:id/import endpoint lets users see information about a project import, such as its status, errors and stats.
The endpoint returns 404 if the user doesn't have permission to READ the project and 200 if they do. In other words, the endpoint is available to everyone for public projects, and for private projects only to users whose role grants READ permission.
Problem
The endpoint exposes fields such as failed_relations.exception_message and error_message, which can contain sensitive information, like an access token or a URL, if they are not filtered out.
For example, https://gitlab.com/api/v4/projects/46692792/import shows the import details of a project imported from GitHub.
Solution
To limit exposure, access to the endpoint should be restricted to users with import capabilities, specifically maintainers and above. This prevents import details from being shown to users who cannot perform imports in the first place.
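The following is an added illustration, not GitLab's own code: it contrasts the current READ-level check on the import status endpoint with the proposed maintainer-and-above check, and adds a defence-in-depth step that strips embedded credentials from URLs in an error message before it is returned. The role ranks, the Project/User structs, the handler and the redaction helper are all hypothetical; the sample projects and error strings are constructed.

```ruby
# Added example (hypothetical, not GitLab's code). Models the two access
# policies for GET /api/v4/projects/:id/import described in the issue.

# Hypothetical role hierarchy; higher rank means more privilege.
ROLE_RANK = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

Project = Struct.new(:id, :visibility, :members, :import_state, keyword_init: true)
User    = Struct.new(:id, keyword_init: true)

module ImportStatusAccess
  # Effective role of the user on the project; nil for anonymous callers and non-members.
  def self.role_for(project, user)
    return nil if user.nil?
    project.members[user.id]
  end

  # Current behaviour as described: any caller on a public project, or any
  # member (READ access) on a private project, may view the import status.
  def self.readable?(project, user)
    return true if project.visibility == :public
    !role_for(project, user).nil?
  end

  # Proposed behaviour: only maintainers and above may view the import status,
  # regardless of project visibility.
  def self.import_status_allowed?(project, user)
    role = role_for(project, user)
    !role.nil? && ROLE_RANK.fetch(role) >= ROLE_RANK[:maintainer]
  end

  # Defence in depth: remove userinfo (user:token) from any URL embedded in an
  # error message, so a leaked import URL does not carry credentials.
  def self.redact_credentials(message)
    message.gsub(%r{(https?://)[^/\s@]+@}, '\1[REDACTED]@')
  end

  # Simulated handler. Denied callers get the same 404 the endpoint already
  # uses for projects they cannot see; allowed callers get the redacted state.
  def self.handle(project, user, policy:)
    allowed = case policy
              when :read_only  then readable?(project, user)
              when :maintainer then import_status_allowed?(project, user)
              else raise ArgumentError, "unknown policy #{policy}"
              end
    return [404, { 'message' => '404 Project Not Found' }] unless allowed

    body = project.import_state.dup
    body['import_error'] = redact_credentials(body['import_error']) if body['import_error']
    [200, body]
  end
end

# Constructed sample data: a reporter (id 7) and a maintainer (id 9) on a
# private project whose import failed with a credential-bearing URL.
SAMPLE_STATE = {
  'import_status' => 'failed',
  'import_error'  => 'fetch https://oauth2:EXAMPLE_TOKEN@github.com/org/repo.git failed'
}.freeze
SAMPLE_PRIVATE = Project.new(id: 1, visibility: :private,
                             members: { 7 => :reporter, 9 => :maintainer },
                             import_state: SAMPLE_STATE)
SAMPLE_PUBLIC  = Project.new(id: 2, visibility: :public,
                             members: { 9 => :maintainer },
                             import_state: SAMPLE_STATE)

if __FILE__ == $PROGRAM_NAME
  [[SAMPLE_PUBLIC, nil], [SAMPLE_PRIVATE, User.new(id: 7)], [SAMPLE_PRIVATE, User.new(id: 9)]].each do |project, user|
    %i[read_only maintainer].each do |policy|
      status, = ImportStatusAccess.handle(project, user, policy: policy)
      puts "project=#{project.id} user=#{user&.id.inspect} policy=#{policy} -> #{status}"
    end
  end
end
```

Under the read-only policy the anonymous caller on the public project and the reporter on the private project both receive the import state; under the maintainer policy only the maintainer does. The redaction step is independent of the authorization fix and is worth keeping even once access is narrowed, since maintainers' responses still travel through logs and browser histories.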