Backport of 'Filter group template projects by user visibility and membership'

What does this MR do and why?

Filter group template projects by user visibility and membership

templates_available? lacked a nil-user guard, causing NoMethodError for unauthenticated callers. The execute query chain also omitted a visibility scope, so private template projects were surfaced to users who weren't project members, and the template picker showed templates from groups the user had no access to.

Add user && guard to templates_available? and chain .public_or_visible_to_user(user) onto the execute query so that public and internal templates are visible to any authenticated user while private templates are restricted to project members.

Resolves #601253 (closed)

Changelog: fixed EE: true

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
• The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
• The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
• Required labels have been applied to this merge request
  • severity label and bug subtype labels (if applicable)
  • If this MR fixes a bug that affects customers, the customer label has been applied.
• This MR has been approved by a maintainer (only one approval is required).
• Ensure the e2e:test-on-omnibus-ee job has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, request help in the #s_developer_experience Slack channel to confirm the failures are unrelated to the merge request.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

• Refer to the patch release runbook for engineers and maintainers for guidance.
• Ask questions on the #releases Slack channel (internal only).
• Once the backport has been merged, the commit changes will be automatically deployed to a release environment that can be used for manual validation. See after merging runbook for details.