Refactor duplicative free or user access checks in ai policies

Problem:

For every Duo enterprise service we have similar code

    # Authorize access to the troubleshoot job to Cloud Connector Service
    condition(:troubleshoot_job_cloud_connector_authorized) do
      next true if troubleshoot_job_connection.allowed_for?(@user)

      next false unless troubleshoot_job_connection.free_access?

      if ::Gitlab::Saas.feature_available?(:duo_chat_on_saas) # check if we are on SaaS
        user.any_group_with_ai_available?
      else
        License.feature_available?(:ai_features)
      end
    end

Proposal

Dry this up