Add `admin_runners` custom role permission

What does this MR do and why?

This change introduces a new custom permission to allow users the ability to manage runners for a group or project.

#442851 (closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before	After
	After: Enable/Disable instance runners for Group

How to set up and validate locally

1. In rails console enable the experiment fully

   Feature.enable(:custom_ability_admin_runners)

2. Create a role with the Admin Runners permission enabled.
3. Assign the new role to a new user
4. Login with the new user
5. Visit any project page and ensure that the Settings menu item appears in the navigation.
6. Click on the Settings menu and ensure that the CI/CD menu item appears.
7. Click on the CI/CD menu.
8. Ensure that the Runners section appears.
9. Click on Expand
10. Ensure that the list of runners are displayed.

ee/app/models/auth/member_role_ability_loader.rb

@@ -2,31 +2,31 @@
 
 module Auth
   class MemberRoleAbilityLoader
-    include Gitlab::Utils::StrongMemoize
-
-    def initialize(user:, resource:, ability: :undefined)
+    def initialize(user:, resource:, ability:)
       @user = user
       @resource = resource
       @ability = ability
     end
 
     def has_ability?
-      allowed?(ability)
-    end
-
-    def allowed?(permission)
       return false unless user.is_a?(User)
-      return false unless permission_enabled?(permission)
+      return false unless permission_enabled?
 
-      roles[resource.id]&.include?(permission)
+      roles = if resource.is_a?(::Project)
+                preloaded_member_roles_for_project[resource.id]
+              else # Group
+                preloaded_member_roles_for_group[resource.id]
+              end
+
+      roles&.include?(ability)
     end
 
     private
 
     attr_reader :user, :resource, :ability
 
-    def permission_enabled?(permission)
-      ::MemberRole.permission_enabled?(permission)
+    def permission_enabled?
+      ::MemberRole.permission_enabled?(ability)
     end
 
     def preloaded_member_roles_for_project
@@ -42,14 +42,5 @@ def preloaded_member_roles_for_group
         user: user
       ).execute
     end
-
-    def roles
-      if resource.is_a?(::Project)
-        preloaded_member_roles_for_project
-      else # Group
-        preloaded_member_roles_for_group
-      end
-    end
-    strong_memoize_attr :roles
   end
 end