Add an API for querying if a user can edit biling

What does this MR do and why?

Issue: https://gitlab.com/gitlab-org/customers-gitlab-com/-/issues/9773+

Add an API for querying if a user can edit biling

We need to be able to determine the permission level of the user on CustomersDot, to verify if they are allowed to make a purchase for a given namespace.

Introduce a new API that will allow us to make this query based on the existing group policy, rather than duplicating the logic in CustomersDot.

CustomersDot MR: https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/10450+

Why are we adding a new internal API?

CustomersDot authentication is changing to support the Cells architecture, and will be using a different authentication mechanism. We don't want to authenticate to the public rest API with this authentication method, and instead are moving all our API calls to internal endpoints.

Why not add this attribute to User/Member/Namespace?

This attribute relies on the user within the context of the namespace - and could depend on multiple membership records. It doesn't particularly belong to just one of these models, so I've moved it to a domain object.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Create or find a namespace and grab its ID, and your user ID.

Test from CustomerDot

# user with permission
irb(main):001> Client::GitlabApp.get('/api/v4/internal/gitlab_subscriptions/namespaces/1/user_permissions/1', token: Client::GitlabApp::ADMIN_API_TOKEN)
=> {"edit_billing"=>true}

# user without permission
irb(main):002> Client::GitlabApp.get('/api/v4/internal/gitlab_subscriptions/namespaces/1/user_permissions/2', token: Client::GitlabApp::ADMIN_API_TOKEN)
=> {"edit_billing"=>false}

Test from CURL

# create a personal access token as an admin with api and admin mode scopes
curl --request GET --header "PRIVATE-TOKEN: glpat-<ADMIN-PAT>" "http://localhost:3000/api/v4/internal/gitlab_subscriptions/namespaces/1/user_permissions/1"