Frontend: Change secrets manager permissions modal user fetching to GraphQL

Why are we doing this work

When adding user permissions for the secrets manager, the modal currently fetches project/group members (direct and inherited only) using REST API endpoints and does not filter by access level (the secrets manager requires reporter+ access). As a result, the permissions modal dropdown shows users who cannot actually be added: they may not have the requisite access level, and selecting them leads to an API error. As per #589993 (closed), we also need to exclude owners from this list.

Expected behavior: When a project/group owner opens the modal to add user permissions for the secrets manager, they should see only members (direct, inherited, and from invited groups) with reporter+ access, excluding owners.


Implementation plan

  • Use app/assets/javascripts/graphql_shared/queries/project_user_members_search.query.graphql and its group equivalent in the secrets manager permissions modal. Make use of the access_level argument and the relations argument as seen in the resolvers (e.g. app/graphql/resolvers/group_members_resolver.rb).
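
The filtering rule from the expected behavior, as an added example that is not GitLab's own code: it collapses membership rows from several relations into one entry per user and keeps only reporter+ non-owners. The row shape (`user`, `accessLevel.integerValue`, `relation`), the function names, and the rule that a user's highest level across relations decides are assumptions of this example.

```javascript
// Added example; row shape and helper names are assumptions, not GitLab frontend code.
// GitLab access level integers.
const ACCESS = { GUEST: 10, REPORTER: 20, DEVELOPER: 30, MAINTAINER: 40, OWNER: 50 };

// Collapse membership rows (one per relation) into one entry per user,
// keeping the highest access level seen for that user (assumed rule).
function effectiveMembers(rows) {
  const byUser = new Map();
  for (const r of rows) {
    const level = r.accessLevel.integerValue;
    const seen = byUser.get(r.user.id);
    if (!seen || level > seen.level) {
      byUser.set(r.user.id, { id: r.user.id, username: r.user.username, level });
    }
  }
  return [...byUser.values()];
}

// Usernames the dropdown may offer: reporter+ access, owners excluded.
function selectableUsers(rows) {
  return effectiveMembers(rows)
    .filter((m) => m.level >= ACCESS.REPORTER && m.level < ACCESS.OWNER)
    .map((m) => m.username)
    .sort();
}

// Builds one constructed membership row; relation is a free-text label here.
const row = (id, username, level, relation) => ({
  user: { id, username },
  accessLevel: { integerValue: level },
  relation,
});

// Constructed sample data covering the edge cases.
const SAMPLE_ROWS = [
  row(1, 'guest_only', ACCESS.GUEST, 'direct'),
  row(2, 'reporter_direct', ACCESS.REPORTER, 'direct'),
  row(3, 'dev_inherited', ACCESS.DEVELOPER, 'inherited'),
  row(4, 'maint_shared', ACCESS.MAINTAINER, 'invited_group'),
  row(5, 'owner_direct', ACCESS.OWNER, 'direct'),
  // Developer directly, but owner through an ancestor: must stay hidden.
  row(6, 'mixed_owner', ACCESS.DEVELOPER, 'direct'),
  row(6, 'mixed_owner', ACCESS.OWNER, 'inherited'),
  // Guest directly, reporter through an invited group: becomes selectable.
  row(7, 'mixed_up', ACCESS.GUEST, 'direct'),
  row(7, 'mixed_up', ACCESS.REPORTER, 'invited_group'),
];

console.log(selectableUsers(SAMPLE_ROWS));
```

The same expectations can serve as fixtures for the modal spec once the dropdown is backed by the GraphQL query.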

Verification steps

  1. Upload a Premium license (or above).
  2. Set up OpenBao and enable the secrets manager on your GDK.
  3. Enable the secrets_manager_group feature flag.
  4. Go to your group settings (Settings > General) and expand Visibility, project features, permissions or Permissions and group features, then scroll down to the secret manager and click enable if it is not already enabled.
  5. Click the Add dropdown button and select Users.
  6. Click the listbox dropdown to search for users.
  7. Verify that it shows only members with reporter+ access (direct, inherited, invited groups) and excludes owners.
Edited by Ahmad Hussein