Add a spec to ensure that auditors have all read_* permissions for groups and projects

There are many gaps that surface where auditors are denied read access to data. Additionally, we don't have any checks in place to ensure that a newly introduced "read" permission is enabled for auditors. A spec should be written to ensure that all read permissions in the GroupPolicy and ProjectPolicy are enabled for auditors.

An initial test (stale) showed the missing permissions:

Projects missing 54 read permissions
:read_ai_agents
:read_all_organization_resources
:read_ci_pipeline_schedules_plan_limit
:read_cluster_agent
:read_commit_committer_check
:read_commit_committer_name_check
:read_compliance_adherence_report
:read_compliance_dashboard
:read_compliance_violations_report
:read_coverage_fuzzing
:read_dedicated_hosted_runner_usage
:read_deploy_board
:read_deploy_token
:read_dora4_analytics
:read_enterprise_ai_analytics
:read_external_emails
:read_feature_flag
:read_freeze_period
:read_google_cloud_artifact_registry
:read_grafana
:read_harbor_registry
:read_import_error
:read_internal_note
:read_iteration
:read_limit_alert
:read_member_access_request
:read_member_role
:read_namespace_catalog
:read_observability
:read_pod_logs
:read_pro_ai_analytics
:read_product_analytics
:read_prometheus
:read_protected_branch
:read_protected_tags
:read_reject_non_dco_commits
:read_reject_unsigned_commits
:read_resource_group
:read_runner
:read_runner_cloud_provisioning_info
:read_runner_gke_provisioning_info
:read_runner_usage
:read_runners_registration_token
:read_saved_replies
:read_secret_push_protection_info
:read_secure_files
:read_security_configuration
:read_security_orchestration_policy_project
:read_sentry_issue
:read_statistics
:read_storage_disk_path
:read_usage_quotas
:read_vulnerability_statistics
:read_web_hook

Groups missing 44 read permissions
:read_ci_cd_analytics
:read_code
:read_confidential_epic
:read_counts
:read_crm_contact
:read_crm_organization
:read_dedicated_hosted_runner_usage
:read_deploy_token
:read_design_activity
:read_enterprise_ai_analytics
:read_epic_iid
:read_group_activity_analytics
:read_group_analytics_dashboards
:read_group_coverage_reports
:read_group_credentials_inventory
:read_group_saml_identity
:read_harbor_registry
:read_internal_note
:read_jobs_statistics
:read_limit_alert
:read_member_access_request
:read_member_role
:read_namespace_cluster_agent_mapping
:read_namespace_via_membership
:read_note
:read_package
:read_pro_ai_analytics
:read_product_analytics
:read_prometheus
:read_release
:read_resource_access_tokens
:read_runner_cloud_provisioning_info
:read_runner_gke_provisioning_info
:read_runner_usage
:read_runners_registration_token
:read_saml_user
:read_saved_replies
:read_security_configuration
:read_security_orchestration_policy_project
:read_statistics
:read_timelog_category
:read_usage_quotas
:read_vulnerability_statistics
:read_web_hook
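
One way to structure the proposed check, as an added example that is not GitLab's code: list every `read_*` ability a policy defines, report the ones the auditor role is denied, and (going one step beyond the issue text) flag entries in an explicit exception list that have gone stale. `ToyPolicy`, `audit_read_coverage`, `PROJECT_RULES`, the role names and the rule data are hypothetical stand-ins; a real spec would enumerate abilities from GroupPolicy and ProjectPolicy.

```ruby
require 'set'

# Hypothetical stand-in for a policy class: maps each ability to the roles
# allowed to use it. Not GitLab's policy framework.
class ToyPolicy
  def initialize(rules)
    @rules = rules.transform_values(&:to_set)
  end

  def abilities
    @rules.keys
  end

  def allowed?(role, ability)
    @rules.fetch(ability, Set.new).include?(role)
  end
end

# Returns the read_* abilities the role lacks, plus exception entries that are
# stale (ability no longer defined, or already granted to the role).
def audit_read_coverage(policy, role, exceptions: [])
  read_abilities = policy.abilities.select { |a| a.to_s.start_with?('read_') }
  denied = read_abilities.reject { |a| policy.allowed?(role, a) }
  {
    missing: (denied - exceptions).sort,
    stale_exceptions: (exceptions - denied).sort
  }
end

# Constructed sample rules; which roles hold which ability is an assumption.
PROJECT_RULES = {
  read_project: %i[guest auditor],
  read_deploy_token: %i[maintainer],          # read ability auditors lack
  read_runners_registration_token: %i[owner], # excepted below (assumption)
  read_web_hook: %i[maintainer],              # new ability, auditors not updated
  admin_project: %i[owner]                    # not a read ability, ignored
}.freeze

def demo
  audit_read_coverage(
    ToyPolicy.new(PROJECT_RULES), :auditor,
    exceptions: %i[read_runners_registration_token read_removed_thing]
  )
end

p demo if __FILE__ == $PROGRAM_NAME
```

A spec built this way fails as soon as a new `read_*` ability is added without either granting it to auditors or recording it as an exception.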