Docs: Add authorization behavior to GraphQL API page

What does this MR do?

Adds an "Authorization" subsection under "Authentication" on the GraphQL API overview page (doc/api/graphql/_index.md). Documents how the API handles permission failures differently for queries and mutations:

• Query fields return null silently when the user does not have permission (no entry in the errors array). This is by design to prevent resource enumeration.
• For connection fields, null means unauthorized while { "nodes": [] } means authorized with no matching data.
• Mutations return the standard error message in the errors array.
• Includes troubleshooting guidance for unexpected null responses.

This behavior is documented in the GraphQL style guide and authorization guide for contributors, but was not covered in the customer-facing API docs.

Related issues

Closes #591318 (closed)

Author's checklist

• Optional. Consider taking the GitLab Technical Writing Fundamentals course.
• Follow the:
  • Documentation process.
  • Documentation guidelines.
  • Style Guide.
• If you're adding a new page, add the product availability details under the H1 topic title.
• If you are a GitLab team member, request a review based on:
  • The documentation page's metadata.
  • The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

• ~"frontend"
• ~"backend"
• ~"type::bug"
• ~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

• If the content requires it, ensure the information is reviewed by a subject matter expert.
• Technical writer review items:
  • Ensure docs metadata is present and up-to-date.
  • Ensure the appropriate labels are added to this MR.
  • Ensure a release milestone is set.
  • If relevant to this MR, ensure content topic type principles are in use, including:
    • The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
    • The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
    • Any task steps should be written as a numbered list.
    • If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
• Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.

---

AI-Generated Content Disclosure: This MR contains documentation written with assistance from Claude Code. The output has been reviewed for correctness and validated against project requirements per GitLab's AI contribution guidelines.