Fix authorizations for epic boards

What does this MR do?

• in specs for EpicBoardsController we didn't stub epics licensed feature. Therefore the tested behaviour was not correct (see inline comments). This MR fixes that
• as a result we missed that the permissions are checked to late for index action. This MR extracts the authorization to the existing concern.

What was happening before this MR

The user enters the index and the code processes before from the BoardsActions concern. The first is boards method where a new board is created.

After that the code goes for the authorization in the EpicBoardsController. A new board was created already (if needed) even in case a user can't access the page (this includes epics not enabled). Additionally, the check in the controller is only for index not for show action.

After the MR

The authorization check is done as the first thing in the BoardsActions concern.

Does this MR meet the acceptance criteria?

Conformity

• 📋 Does this MR need a changelog?
  • I have included a changelog entry.
  • I have not included a changelog entry because _____.
• [-] Documentation (if required)
• Code review guidelines
• [-] Merge request performance guidelines
• Style guides
• [-] Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.