UX: Improve experience for users without security attributes permissions

Description

During testing, users without permissions to manage security attributes encounter a confusing experience where they can see the security attributes interface but cannot understand why they cannot add or modify attributes.

Problem Statement

• Users without security attributes permissions see empty columns in the Security Inventory table when no attributes are present
• No visual indication explains why the "Add security attribute" action is unavailable and why the column is empty. This could be misinterpeted as a bug.
• Users are unaware they lack the necessary permissions to manage security attributes

Proposed Solution

Based on team discussion:

Security inventory updates

1. Add information icon to the Security attributes column header in the Security Inventory explaining security attribute permissions
2. Display placeholder text ("None" or "—") in light gray for rows where:
   • User lacks permission to manage attributes
   • No attributes are currently present
   • Note: this will peplace the missing "Add security attribute" action

Project security configuration updates

1. Remove all actions on the Security attributes tab when a user lacks permission to manage attributes.
2. Update the description text from:
   1. Current: Security attributes help classify and organize your projects. Attributes are managed at the group level. You can add or remove attributes to this project as needed.
   2. Proposed: Security attributes help classify and organize your projects. Attributes are managed at the group level. Project Owners and Maintainers can add or remove attributes to this project as needed.

Acceptance Criteria

Security Inventory Updates:

• Information icon added to the "Security attributes" column header in the Security Inventory table
• Tooltip on information icon explains security attribute permissions and requirements
• Light gray placeholder text ("None" or "—") displays in security attributes column when:
  • User lacks permission to manage attributes AND no attributes are present
  • This replaces the missing "Add security attribute" action
• Clear visual distinction between "no attributes assigned" vs "no permissions to view/manage"

Project Security Configuration Updates:

• All actions removed from the "Security attributes" tab when user lacks permission to manage attributes
• Description text updated from current version to proposed version that includes permission requirements:
  • Current: "Security attributes help classify and organize your projects. Attributes are managed at the group level. You can add or remove attributes to this project as needed."
  • New: "Security attributes help classify and organize your projects. Attributes are managed at the group level. Project Owners and Maintainers can add or remove attributes to this project as needed."

User Experience Validation:

• Users without permissions understand why they cannot add/modify security attributes
• No confusion about empty columns appearing as potential bugs
• Design mockups created and reviewed by team
• Accessibility requirements met for information icons and placeholder text

Testing:

• Verify behavior for users with different permission levels (Owner, Maintainer, Developer, Reporter, Guest)
• Test scenarios with projects that have no security attributes vs projects with existing attributes
• Confirm tooltip content is clear and helpful