
Disable project and group sharing when setting a User Cap

Etienne Baqué requested to merge 332601-usercap-disable-group-sharing into master

What does this MR do?

Relates to #332601 (closed)

The purpose of this MR is to disable both project sharing and group sharing with other groups whenever a User Cap is set for this group (or this group's root ancestor).

To do so, this MR adds a few hooks to NamespaceSetting in order to:

  • set NamespaceSetting#prevent_sharing_groups_outside_hierarchy on the related (root) group before save
  • update NamespaceSetting#prevent_sharing_groups_outside_hierarchy on the namespace's descendants after save
  • update Namespace#share_with_group_lock on the related namespace (which will then trigger that same update on its descendants)

Considerations and possible follow-up

After updating the user cap to a number, share_with_group_lock and prevent_sharing_groups_outside_hierarchy are set to true. But this is not the case when reverting: setting the user cap back to nil won't set share_with_group_lock and prevent_sharing_groups_outside_hierarchy back to false. This is because these settings may have already been checked before setting the user cap at all.

This means that when removing the user cap, we may need to create a message to warn the user that sharing projects and groups will still be disabled afterwards.

Screenshots or Screencasts (strongly suggested)

The screenshot below shows a group with two child groups. When updating the user cap for this group (via its namespace_settings), it sets the Namespace#share_with_group_lock and NamespaceSetting#prevent_sharing_groups_outside_hierarchy flags to true for this group as well as its descendants.

08-09-2021: tests carried out after latest new commit.

  1. Before update:

Screenshot_from_2021-08-09_14-07-55

  2. new_user_signups_cap update:

Screenshot_from_2021-08-09_14-09-00

  3. After update:

Screenshot_from_2021-08-09_14-11-25

Previous set of tests

  1. Before update:

Screenshot_from_2021-08-03_14-40-16

  2. new_user_signups_cap update. After the user cap is updated, two other UPDATE queries are triggered: one for Namespace records, one for NamespaceSetting records:

Screenshot_from_2021-08-03_14-42-30

  3. After update:

Screenshot_from_2021-08-03_14-45-20

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #332601 (closed)

Edited by Etienne Baqué
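The propagation and the non-reverting behaviour described in this MR, as an added example that is not code from the MR or from GitLab: a plain-Ruby, in-memory model of a group hierarchy. The `Group` class, `update_user_cap` and `locked_without_cap` are hypothetical names, and the model assumes the cap is stored on the root group.

```ruby
# Simplified in-memory model (constructed; not GitLab's ActiveRecord code).
class Group
  attr_reader :name, :parent, :children
  attr_accessor :share_with_group_lock, :prevent_sharing_groups_outside_hierarchy,
                :new_user_signups_cap

  def initialize(name, parent: nil)
    @name = name
    @parent = parent
    @children = []
    @share_with_group_lock = false
    @prevent_sharing_groups_outside_hierarchy = false
    @new_user_signups_cap = nil
    parent.children << self if parent
  end

  def root
    parent ? parent.root : self
  end

  def self_and_descendants
    [self] + children.flat_map(&:self_and_descendants)
  end

  # Stand-in for the save hooks: a numeric cap locks sharing on the root
  # group and every descendant; a nil cap changes no sharing flag.
  def update_user_cap(cap)
    root.new_user_signups_cap = cap # assumption: the cap lives on the root
    return if cap.nil?

    root.self_and_descendants.each do |group|
      group.share_with_group_lock = true
      group.prevent_sharing_groups_outside_hierarchy = true
    end
  end
end

# Names of groups whose sharing is still locked although no cap applies:
# the case the MR suggests warning the user about when the cap is removed.
def locked_without_cap(root)
  return [] unless root.new_user_signups_cap.nil?

  root.self_and_descendants
      .select { |g| g.share_with_group_lock && g.prevent_sharing_groups_outside_hierarchy }
      .map(&:name)
end
```
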
