Introduce Agent User Access Finder

NOTE: This MR is built on top of Persist user_access authorizations (!116902 - merged).

What does this MR do and why?

This MR introduces a finder for persisted user_access authorizations, which is used for optimizing AuthorizeProxyUserService.

A few notes:

• This feature is behind kas_user_access feature flag which is disabled by default. It's not exposed to end-users yet.
• These MRs are split into small pieces in order to reduce review load.
• See https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/-/blob/master/doc/kubernetes_user_access.md about how user_access authorization works.
• Related to Persist GitLab agent's user access configuratio... (#389430 - closed)

Query examples of the finder

For fetching user_access: projects authorizations:

SELECT
    agent_user_access_project_authorizations.*,
    project_authorizations.access_level AS access_level
FROM
    "agent_user_access_project_authorizations"
    INNER JOIN project_authorizations ON project_authorizations.project_id = agent_user_access_project_authorizations.project_id
    INNER JOIN "cluster_agents" ON "cluster_agents"."id" = "agent_user_access_project_authorizations"."agent_id"
    INNER JOIN "projects" ON "projects"."id" = "cluster_agents"."project_id"
WHERE
    "project_authorizations"."user_id" = 758045
    AND "project_authorizations"."access_level" >= 30

Time: 1.982 ms  
  - planning: 1.933 ms  
  - execution: 0.049 ms  
    - I/O read: 0.000 ms  
    - I/O write: 0.000 ms  
  
Shared buffers:  
  - hits: 1 (~8.00 KiB) from the buffer pool  
  - reads: 0 from the OS file cache, including disk I/O  
  - dirtied: 0  
  - writes: 0  

query plan

For fetching user_access: groups authorizations:

WITH "groups_with_direct_membership" AS MATERIALIZED (
    SELECT
        namespaces.id AS id,
        members.access_level AS access_level
    FROM
        "namespaces"
        INNER JOIN members ON members.source_id = namespaces.id
        AND members.source_type = 'Namespace'
    WHERE
        "namespaces"."type" = 'Group'
        AND "members"."user_id" = 758045
        AND "members"."access_level" >= 30
),
"all_groups_with_membership" AS MATERIALIZED (
    SELECT
        namespaces.id AS id,
        groups_with_direct_membership.access_level AS access_level
    FROM
        "namespaces"
        INNER JOIN groups_with_direct_membership ON namespaces.traversal_ids @> ARRAY [groups_with_direct_membership.id]
    WHERE
        "namespaces"."type" = 'Group'
)
SELECT
    DISTINCT ON (id) agent_user_access_group_authorizations.*,
    all_groups_with_membership.access_level AS access_level
FROM
    "agent_user_access_group_authorizations"
    INNER JOIN all_groups_with_membership ON all_groups_with_membership.id = agent_user_access_group_authorizations.group_id
    INNER JOIN "cluster_agents" ON "cluster_agents"."id" = "agent_user_access_group_authorizations"."agent_id"
    INNER JOIN "projects" ON "projects"."id" = "cluster_agents"."project_id"
ORDER BY
    id,
    access_level DESC

Time: 11.231 ms  
  - planning: 10.772 ms  
  - execution: 0.459 ms  
    - I/O read: 0.000 ms  
    - I/O write: 0.000 ms  
  
Shared buffers:  
  - hits: 7 (~56.00 KiB) from the buffer pool  
  - reads: 0 from the OS file cache, including disk I/O  
  - dirtied: 0  
  - writes: 0  

query plan

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.