Resolve "Backend: Expose secrets count via GraphQL for project delete/transfer warning"
What does this MR do and why?
This MR adds new root-level GraphQL fields to fetch the total number of secrets in a project or group, in the interest of showing the number of secrets that would be lost when a project/group is deleted or transferred.
- Adds ProjectSecretsCountResolver and GroupSecretsCountResolver — enforce authorization (read_project_secrets / read_secret) before delegating to the pre-existing count services, returning null when the secrets manager is absent or inactive.
- Exposes two new root-level GraphQL fields (projectSecretsCount, groupSecretsCount) with updated introspection and docs.
- Adds request specs for both endpoints covering the active/inactive, no-secrets, with-secrets, and authorization cases.
Note: ProjectSecretsCountService and GroupSecretsCountService already existed — this MR only adds the GraphQL surface on top of them.
References
Associated frontend issue that will consume these endpoints - #583210
Screenshots or screen recordings
How to set up and validate locally
- Upload a Premium license (or above).
- Set up OpenBao and enable the secrets manager on your GDK.
- Enable the secrets_manager and group_secrets_manager feature flags.
- Go to your project/group settings (Settings > General) and expand Permissions and group features (for groups) or Visibility, project features, permissions for projects. Enable the secrets manager for your project/group with the settings toggle.
- Go to /path-to-group-or-project/secrets/new to create a secret.
- Query the new endpoints in the GraphQL explorer as in the screenshots above.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #593451 (closed)
Edited by Ahmad Hussein
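The resolver flow described in the MR (authorize, return null when the secrets manager is inactive, otherwise delegate to the count service), modelled as an added stand-alone example. This is not code from the MR or from GitLab: every class, method and project path below is a hypothetical stand-in, and raising on a failed authorization check is an assumption, since the description does not say how a denied request is answered.

```ruby
# Stand-alone model of the resolver flow; not GitLab's code.
# All class and method names below are hypothetical stand-ins.
class NotAuthorized < StandardError; end

Project = Struct.new(:path, :manager_active, :secrets, :readers)

# Stand-in for the pre-existing count service. It records its calls so
# a test can show it is never reached by an unauthorized caller.
class CountService
  attr_reader :calls

  def initialize
    @calls = 0
  end

  def execute(project)
    @calls += 1
    project.secrets.size
  end
end

class SecretsCountResolver
  def initialize(projects, service)
    @projects = projects
    @service = service
  end

  def resolve(path, user)
    project = @projects[path]
    # Authorization comes first. Assumption: an unknown path is
    # answered the same way as a missing permission.
    raise NotAuthorized unless project && project.readers.include?(user)
    # Authorized, but no active secrets manager: null rather than 0.
    return nil unless project.manager_active

    @service.execute(project)
  end
end

# Constructed sample data.
SERVICE = CountService.new
PROJECTS = {
  "g/active" => Project.new("g/active", true, %w[DB_PASS API_KEY], ["alice"]),
  "g/empty" => Project.new("g/empty", true, [], ["alice"]),
  "g/inactive" => Project.new("g/inactive", false, [], ["alice"])
}.freeze
RESOLVER = SecretsCountResolver.new(PROJECTS, SERVICE)
```

The null result for an inactive secrets manager stays distinct from a count of 0, which matches the active/inactive and no-secrets cases the request specs are said to cover.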

