Search confidential filter should use traversal_id optimization

Background

The search filter for confidential access still makes use of a huge list of project ids. This is known to be inefficient for both database and Elasticsearch in large SM instances or when a user has access to many groups/projects.

Proposal

Move the search filters for confidentiality to use the traversal_id optimization. The filters should gate confidentiality by a combination project_id and traversal_ids that the user has access to (similar to how membership filter is built, see group membership and project membership examples). The change should be made behind a derisk feature flag.

• convert the project level confidentiality filters
• convert the group level confidentiality filters