Consider catching/handling not_found access_denied in GraphQL mutation middleware

At the moment we have quite a lot of duplication in GraphQL mutation code and service code.

We check whether things exists and the user has permission and hopefully raise the generic raise_resource_not_available_error without leaking entity existence etc

Could we do something smarter where our services throw standard exceptions (like not found/access denied) and some GraphQL middleware rescues and rethrows raise_resource_not_available_error?

Loosely related to !200882 (comment 2689020240) // #561657 (closed)

/cc @gitlab-org/graphql-experts