Hide merge requests from banned users

What does this MR do and why?

When the ban_user_feature_flag is enabled and a user is banned, we currently hide issues. This MR extends that functionality to also hide merge requests.

When logged in as auditor or admin, hidden merge requests (and issues) remain visible, with a spam icon to highlight their status.

Database

This adds a scope without_hidden that is applied when viewing merge requests.

This is the query with the feature flag disabled (explained):

SELECT
	"merge_requests".*
FROM
	"merge_requests"
WHERE
	"merge_requests"."target_project_id" = 278964
	AND("merge_requests"."state_id" IN(1))
ORDER BY
	"merge_requests"."created_at" DESC,
	"merge_requests"."id" DESC
LIMIT 20 OFFSET 0

This is the query with the feature flag enabled (explained):

SELECT
	"merge_requests".*
FROM
	"merge_requests"
WHERE
	"merge_requests"."author_id" NOT IN(
            SELECT "banned_users"."user_id" FROM "banned_users"
        )
	AND "merge_requests"."target_project_id" = 278964
	AND("merge_requests"."state_id" IN(1))
ORDER BY
	"merge_requests"."created_at" DESC,
        "merge_requests"."id" DESC
LIMIT 20 OFFSET 0

Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/375964

Epic: &5741

Screenshots or screen recordings

	Index	Show
Logged in as admin
Logged in as guest

How to set up and validate locally

1. Enable the banned users feature in the Rails console:

Feature.enable(:ban_user_feature_flag)

1. Create a public project.
2. Impersonate a user and create a public merge request in the project.
3. Stop impersonation.
4. Ban the user (user's page > Settings > Ban user)
5. View the project page as an admin, and as a guest.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.