[18.8] Exclude group-covered projects from search authorization to reduce redundant payload

What does this MR do and why?

Backports !224687 (merged) which excludes group-covered projects from search authorization to reduce redundant payload.

When a project is shared with a group via a group link, Search::ProjectsFinder can return that project as an individual entry even when the project's namespace is already covered by the user's group membership. For large namespaces (10k+ projects), this produces ~180 KB of redundant payload per access branch in Zoekt, potentially causing HTTP 413 errors.

Backport notes for 18.8:

• Merge conflict resolved in ee/spec/lib/search/zoekt/access_branch_builder_spec.rb — the new integration test context (describe 'project ID filtering optimization') and helper methods (extract_repo_ids, extract_traversal_ids, extract_from_filter) were not yet present in the 18.8 stable branch. Resolved by taking the incoming changes.

Related:

• Original MR: !224687 (merged)
• Issue: #590935 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
• The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
• The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
• Required labels have been applied to this merge request
  • severity label and bug subtype labels (if applicable)
  • If this MR fixes a bug that affects customers, the customer label has been applied.
• This MR has been approved by a maintainer (only one approval is required).
• Ensure the e2e:test-on-omnibus-ee job has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, reach out to a Software Engineer in Test in #s_developer_experience.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

• Refer to the patch release runbook for engineers and maintainers for guidance.
• Ask questions on the #releases Slack channel (internal only).
• Once the backport has been merged, the commit changes will be automatically deployed to a release environment that can be used for manual validation. See after merging runbook for details.