Address `read_namespace` semantic disjoint

Problem

Surfaced in #414993 (comment 1471084680) - a public namespace shouldn't have their name hidden even when an anonymous user is making the API call. However, due to a historical blip, read_namespace really means has_access which is anyone with a defined access, even Minimal. Anonymous access is not included.

Solution

Since read_namespace has a different meaning than its name, we should re-define read_namespace as "able to read", (even anonymously for public projects). But because this is a widely-used ability on a central GitLab object, we need to do so carefully so we don't allow anonymous access where it was not intended.

Suggested steps

• alias read_namespace as read_namespace_via_membership and change the policy calls to authorize :read_namespace_via_membership - to show that access is really what's meant. 👉 !126625 (merged)
• Introduce another policy read_namespace that simply means read only. Move all read_namespace_via_membership calls to this one as appropriate. This is on a case-by-case basis so will have to be done carefully.
  • For example, #414993 (closed) would be one such move.