Draft: Add a new permission for the container expiration policy

Open t4r7k requested to merge t4r7k/gitlab:master into master

What does this MR do and why?

This merge request adds a new permission for container expiration policy. As described at #220259, the container expiration policy is currently gated behind the destroy_container_image permission which is not explicit.

Risks

If the refactoring is not done correctly, access to the container expiration policy feature could be denied to users.

  • This risk is mitigated by the test suite.

Closes #220259