Investigate dependency between Custom roles and Protected branches

After removing the old flow of protecting branches on project level and defaulting fully to use branch rules, we discovered there's a dependency between Custom roles and Protected branches:

@rkelly: I have a customer reporting that as of today their Custom Role with Manage Protected Branches permissions is no longer able to view or edit Branch Rules. Could this be related to the recent change that hides the Protected Branch settings in favor of Branch Rules? I was able to reproduce the behavior using my own custom role based on the Developer role with Manage Protected Branches permissions.

Users with a custom role lost the ability to edit branch protections. There is no separate custom role permission for Branch Rules, only for Protected Branches.

Example of a custom role abilities failing after the initial removal

We need to make sure that custom roles still have the ability to protect branches via branch rule flow.

custom_admin_roles have been generally available since %18.3 (see https://docs.gitlab.com/user/custom_roles/), while we enabled and finished majority of the work on branch rules edit in %17.5, but still kept the old flow for a transition period. I believe that's why the problem occured.