User autocomplete scoped to authorized namespaces for Basic Search

What does this MR do and why?

Instead of returning every user in the autocomplete bar, we scope the results to users who are members of groups and projects the current_user is allowed to see. This filters out users someone is unlikely to be looking for, since they are most likely searching for a person in their own groups/projects.

-> This applies to global search only: in a project- or group-level search the users are already scoped to that project/group.

-> This is for Basic Search only, Advanced Search is done in User autocomplete scoped to authorized namespac... (!182277 - merged)

-> The change is behind a feature flag users_search_scoped_to_authorized_namespaces.

-> This only applies to the autocomplete feature, not the global search results page (where all users are still shown)

We use two finders to collect the source (group and project) IDs whose members form the pool of users we search over.

  • GroupsFinder with all_available: false so that public groups the user is not a member of are not included. It returns current_user.authorized_groups.self_and_ancestors
  • ProjectsFinder with non_public: true so that public projects the user is not a member of are not included. It returns current_user.authorized_projects

I chose not to include users from public groups/projects because if we did, any user that belongs to a public group/project would always be included in the autocomplete pool. If your user is a member (direct or shared) of a public group/project, you will be able to see users from that group/project.

Query plans

Groups:

Projects:

References


MR acceptance checklist


Screenshots or screen recordings

Demo: with the flag disabled we see additional users returned (those that don't belong to the current user's groups/projects); with the flag enabled we see only users in the current user's groups/projects.

basic_search_autocomplete

How to set up and validate locally

  1. Disable Advanced Search. The quickest way is to return false from def use_elasticsearch?
  2. Disable the feature flag users_search_scoped_to_authorized_namespaces
  3. Find or set up user data so that you have a few users matching a search term who belong to separate groups/projects, some of them the same groups/projects as your logged-in user.
  4. Hit / on a GitLab page and type the search term. Note how many users are returned.
  5. Enable the flag users_search_scoped_to_authorized_namespaces
  6. Perform the autocomplete again and note that the results are restricted to users belonging to the groups/projects your logged-in user can see.
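The scoping rule from the "What does this MR do" section and the flag-off/flag-on comparison in the validation steps above, as an added stand-alone model. This is example code, not GitLab's implementation: User, Group, Project and Membership are constructed fixtures, ScopedUserSearch only mimics GroupsFinder(all_available: false) with self_and_ancestors, ProjectsFinder(non_public: true) and the users_search_scoped_to_authorized_namespaces flag, and it assumes (simplification) that direct group membership grants access to that group's projects and that a public group or project is only a source when the user is a member of it.

```ruby
# Added example, not GitLab's code. Models "scope user autocomplete to the
# current user's authorized namespaces" for Basic Search with constructed data.

User       = Struct.new(:id, :username, :name)
Group      = Struct.new(:id, :path, :parent_id, :public)
Project    = Struct.new(:id, :path, :group_id, :public)
Membership = Struct.new(:user_id, :source_type, :source_id) # :group or :project

class ScopedUserSearch
  def initialize(users:, groups:, projects:, memberships:, flag_enabled: true)
    @users        = users
    @groups_by_id = groups.to_h { |g| [g.id, g] }
    @projects     = projects
    @memberships  = memberships
    @flag_enabled = flag_enabled # stands in for the feature flag check
  end

  # Global Basic Search autocomplete: with the flag off every user is a
  # candidate; with it on only members of authorized sources are.
  def autocomplete(current_user, term)
    pool   = @flag_enabled ? visible_users(current_user) : @users
    needle = term.downcase
    pool.select { |u| u.username.downcase.include?(needle) || u.name.downcase.include?(needle) }
        .sort_by(&:username)
  end

  # Users who are members of any group or project the current user is authorized on.
  def visible_users(current_user)
    group_ids   = authorized_group_ids(current_user)
    project_ids = authorized_project_ids(current_user)
    member_ids  = @memberships.select do |m|
      (m.source_type == :group && group_ids.include?(m.source_id)) ||
        (m.source_type == :project && project_ids.include?(m.source_id))
    end.map(&:user_id).uniq
    @users.select { |u| member_ids.include?(u.id) }
  end

  # Mimics GroupsFinder(all_available: false) + self_and_ancestors: the groups the
  # user is a member of plus every ancestor. Public groups the user is not a
  # member of are deliberately absent, so their members never enter the pool.
  def authorized_group_ids(current_user)
    with_ancestors(source_ids(current_user, :group))
  end

  # Mimics ProjectsFinder(non_public: true) => current_user.authorized_projects:
  # direct project memberships plus projects under the user's direct groups
  # (assumption). A public project counts only when the user is authorized on it.
  def authorized_project_ids(current_user)
    direct     = source_ids(current_user, :project)
    group_ids  = source_ids(current_user, :group)
    via_groups = @projects.select { |p| group_ids.include?(p.group_id) }.map(&:id)
    (direct + via_groups).uniq
  end

  private

  def source_ids(user, type)
    @memberships.select { |m| m.user_id == user.id && m.source_type == type }.map(&:source_id)
  end

  # Walk parent_id links upward, collecting each group once.
  def with_ancestors(ids)
    seen  = []
    queue = ids.dup
    until queue.empty?
      id = queue.shift
      next if seen.include?(id)
      seen << id
      parent = @groups_by_id.fetch(id).parent_id
      queue << parent if parent
    end
    seen
  end
end

# Constructed fixtures: four users match "al", one of them via a public group
# and one via a public project; bob is in an unrelated private project.
USERS = [
  User.new(1, "alice", "Alice Adams"),
  User.new(2, "alan",  "Alan Bell"),
  User.new(3, "alex",  "Alex Cole"),
  User.new(4, "alba",  "Alba Diaz"),
  User.new(5, "bob",   "Bob Evans"),
].freeze
GROUPS = [
  Group.new(10, "parent", nil, false),
  Group.new(11, "parent/child", 10, false),
  Group.new(12, "open", nil, true),          # public group
].freeze
PROJECTS = [
  Project.new(20, "parent/child/repo", 11, false),
  Project.new(21, "open/site", 12, true),    # public project
  Project.new(22, "bob/solo", nil, false),
].freeze
MEMBERSHIPS = [
  Membership.new(1, :group, 11),   # alice: member of the child group
  Membership.new(2, :group, 10),   # alan: member of the ancestor group
  Membership.new(3, :project, 21), # alex: member of the public project only
  Membership.new(4, :group, 12),   # alba: member of the public group only
  Membership.new(5, :project, 22), # bob: unrelated private project
].freeze

def search_for(username, term, flag_enabled: true)
  current_user = USERS.find { |u| u.username == username }
  ScopedUserSearch.new(users: USERS, groups: GROUPS, projects: PROJECTS,
                       memberships: MEMBERSHIPS, flag_enabled: flag_enabled)
                  .autocomplete(current_user, term).map(&:username)
end

if __FILE__ == $PROGRAM_NAME
  p search_for("alice", "al", flag_enabled: false) # flag off: every matching user
  p search_for("alice", "al")                      # flag on: child group + ancestor members
  p search_for("alba", "al")                       # member of a public group still sees its members
end
```

Running the three searches mirrors steps 2 through 6 of the validation procedure: alice gets alan, alba, alex and alice with the flag off, but only alan (via the ancestor group) and alice with it on. alba, who is a member of the public group, still sees alex through that group's public project, which is the behaviour the "public groups/projects" paragraph describes.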

Related to #442091 (closed)

Edited by Madelein van Niekerk
