Disable the three dot menu for policies if the user is not authorized to manage policies

Summary

When a user is not authorized to manage policies, they still see the options "edit/delete" if they click on the three-dot menu button beside each policy. However, upon clicking on the actions (edit/delete), it returns an error or 404 as they are not authorized to perform those actions.

Steps to reproduce

  • Create a project inside a group. Ex: Gitlab Org > test-project-1
  • Create a project security policy. Example: Merge request approval policy
  • Invite a user with a "developer/maintainer/owner" role to the project. The user is either not invited to the project group or has a group role below developer

Log in to the user account.

  • Go to project view: test-project-1
  • Go to Secure > Policies tab
  • Click on the three dot button on the policy menu
  • Click Edit
  • User sees a 404 page.

Example Project

What is the current bug behavior?

What is the expected correct behavior?

  • Disable the three dot menu if the user is not allowed to edit/delete policy.

Relevant logs and/or screenshots

project_policy_access_404

Output of checks

Results of GitLab environment info


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check


(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Possible fixes

Edited by Imam Hossain