Update permissions for epic quick actions

Related to #382503 (closed)

What does this MR do and why?

As a follow-up to !106415 (merged), which updated the role required to add and remove child epics (from Reporter to Guest), we need to update ee/lib/ee/gitlab/quick_actions/epic_actions.rb to match these new permissions.

I did some refactoring to be able to reuse existing code, but the key differences are:

  1. Instead of requiring :admin_epic for the target epic, we'll require :admin_epic_tree_relation.

This ability is more lenient than :admin_epic. It requires the Guest role instead of Reporter, but it includes a check for the subepics feature.

  2. Instead of requiring :read_epic for the parent or child epic, we'll require :admin_epic_tree_relation.

This ability is more strict than :read_epic because non-members can sometimes read epics, but this change is necessary for the cross-group child epics feature, and it should have been updated to :admin_epics when implementing that feature.
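To make the two permission changes concrete, here is an added, self-contained Ruby model of the old and new checks. It is not GitLab's policy code: the roles, abilities, groups, epics and the `old_set_parent_allowed?` / `new_set_parent_allowed?` helpers are all constructed here as assumptions, and real GitLab abilities are evaluated through DeclarativePolicy rather than these methods. The scenario shows the two effects described above: a Guest in the target's group is now allowed (previously blocked by :admin_epic), while a Reporter who is not a member of the other public group is now blocked (previously allowed by :read_epic).

```ruby
# Hypothetical model of the permission change in this MR (added example, not GitLab code).
# Role ranks, groups, epics and users below are all constructed for illustration.
ROLE_RANK = { none: 0, guest: 10, reporter: 20 }.freeze

Group = Struct.new(:name, :visibility, :subepics_enabled)
Epic  = Struct.new(:iid, :group)
User  = Struct.new(:name, :memberships) # memberships: { group_name => role }

def role_in(user, group)
  user.memberships.fetch(group.name, :none)
end

def at_least?(user, group, role)
  ROLE_RANK[role_in(user, group)] >= ROLE_RANK[role]
end

# :read_epic (modelled): non-members can read epics in a public group.
def read_epic?(user, epic)
  epic.group.visibility == :public || at_least?(user, epic.group, :guest)
end

# :admin_epic (modelled): Reporter role and above.
def admin_epic?(user, epic)
  at_least?(user, epic.group, :reporter)
end

# :admin_epic_tree_relation (modelled): Guest role and above, and the
# subepics feature must be available in the epic's group.
def admin_epic_tree_relation?(user, epic)
  epic.group.subepics_enabled && at_least?(user, epic.group, :guest)
end

# Before this MR: :admin_epic on the target epic, :read_epic on the parent/child.
def old_set_parent_allowed?(user, target, parent)
  admin_epic?(user, target) && read_epic?(user, parent)
end

# After this MR: :admin_epic_tree_relation on both epics.
def new_set_parent_allowed?(user, target, parent)
  admin_epic_tree_relation?(user, target) && admin_epic_tree_relation?(user, parent)
end

# Constructed scenario: two epics in one public group plus a parent candidate
# in a second public group the users are not members of.
def scenario
  public_group = Group.new("public-group", :public, true)
  other_public = Group.new("other-public", :public, true)
  target  = Epic.new(1, public_group)
  sibling = Epic.new(2, public_group)
  cross_group_parent = Epic.new(7, other_public)

  guest    = User.new("guest",    { "public-group" => :guest })
  reporter = User.new("reporter", { "public-group" => :reporter })

  {
    guest_same_group_old:     old_set_parent_allowed?(guest, target, sibling),
    guest_same_group_new:     new_set_parent_allowed?(guest, target, sibling),
    reporter_cross_group_old: old_set_parent_allowed?(reporter, target, cross_group_parent),
    reporter_cross_group_new: new_set_parent_allowed?(reporter, target, cross_group_parent)
  }
end

if __FILE__ == $PROGRAM_NAME
  scenario.each { |name, allowed| puts "#{name}: #{allowed}" }
end
```

The second pair of results is the security-relevant one: with :read_epic, public visibility alone was enough to link an epic from a group the user has no role in, which is exactly what requiring :admin_epic_tree_relation on the parent/child side closes.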

How to set up and validate locally

  1. Create two epics in a public group
  2. Visit one of the epics impersonating a user with the Guest role
  3. Add the other epic as a parent using the command /parent_epic epic_url. This should not raise any errors.
  4. Remove the parent using the command /remove_parent_epic
  5. Add the other epic as a child using the command /child_epic epic_url.
  6. Remove the added child with /remove_child_epic epic_url.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugenia Grieff
