Expose project settings in REST API only for maintainer+ users

What does this MR do and why?

Expose project settings in REST API only for maintainer+ users

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

1. Add a user to as a Guest to a project.
2. Create a personal access token as that user and then query the REST API curl --header "Authorization: Bearer <ACCESS-TOKEN>" "http://127.0.0.1:3000/api/v4/projects/<PROJECT_ID>"
3. You shouldn't see any project settings.
4. However, if you upgraded that user to the Maintainer of the project, you should see all the project settings

Related to #442899 (closed)