Members API: Allow group Owners to obtain enterprise users emails

What does this MR do and why?

Related to

• Members API update: Allow Group Owners to obtai... (#391453 - closed)
• Allow provisioning group owners to view billabl... (#388782 - closed)

Related MRs:

• Expose user email to group managed account owners (!30584 - merged)
• Allow provisioning group to view member email a... (!105595 - merged)
• Expose Email for Billable Members in API Endpoi... (!127927 - merged)

The following Group and project members API endpoints

GET /groups/:id/members
GET /projects/:id/members

POST /groups/:id/members
POST /projects/:id/members

GET /groups/:id/members/all
GET /projects/:id/members/all

GET /groups/:id/members/:user_id
GET /projects/:id/members/:user_id

GET /groups/:id/members/all/:user_id
GET /projects/:id/members/all/:user_id

PUT /groups/:id/members/:user_id
PUT /projects/:id/members/:user_id

POST /groups/:id/members/:user_id/override
DELETE /groups/:id/members/:user_id/override

expose email attribute to group owners for users provisioned by the group. This MR changes the criteria for those endpoints to expose email addresses of enterprise users only. Also this MR limits exposing email addresses of enterprise users to API requests that are in the context of the group only, see for more details #391453 (comment 1702332372).

There is also GET /groups/:id/billable_members API endpoint. Currently, this endpoint expose email attribute

• with value as user's public_email
• if requested user is GitLab instance Admin, the value of the email attribute is user's primary email.

This MR updates this endpoint to allow group owners obtain enterprise users' primary emails.

Additionally, this MR

• finally eliminates all N+1 database queries for all those endpoints, see !135873 (comment 1718813223)
• does not cause N+1 and adds more N+1 tests to confirm that
• Optimizes those endpoints by removing eager loading provisioned_by_group for each member and does not add any new eager loading
• improves test coverage by adding new and complementing existing tests
• improves the code by removing the EoL code & simplifying the existing code

🎉

Screenshots or screen recordings

How to set up and validate locally

1. Make sure the GitLab instance simulates or a SaaS instance since Enterprise Users is a SaaS feature
2. Configure "Automatic claims of enterprise users". For testing purposes on the local environment you can claim the user manually from the Rails console:

User.find_by_username('USERNAME').user_detail.update(enterprise_group_id: GROUP_ID)

3. Add that user to group members.
4. Query each API endpoint mentioned above as a group owner. email attribute should be exposed for the enterprise user of the group.
5. For for more scenarios to test manually see tests added in this MR.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.