Maven virtual registry: refine access requirements

🔥 Problem

Currently, accessing (pulling file through) the Maven virtual registry requires:

1. be an administrator or
2. be a direct members of the top level group (guest) or
3. be a direct member of one of the included projects.

We would like to remove (3.).

Before doing so, we're going to have a Transition period. This issue prepares everything for that.

🐟 Transition period

backend tasks:

• Log users that are granted read_virtual_registry through rule (3.). Log transparently (eg. the access is still granted) the situation.

frontend tasks:

• Add an UI Banner in virtual registry pages announcing that (3.) will be removed from the requirements.

Additional tasks:

• Communicate this in the feedback issue.