authz/github: repo-centric perms sync from team/org perms caches

Administrator requested to merge authz/github-repo-perms-caching into main

Created by: bobheadxi

Implements caching of groups permissions for repo-centric permissions sync. Follows up on the GitHub user-centric perms sync caching introduced in https://github.com/sourcegraph/sourcegraph/pull/23978 - see that PR for more information.

Repo sync now lists direct collaborators to a repo before querying for the organization and teams for users with access to this repo, and caching them as groups.

Group caches now include both repositories and users. In general, the expectation is that:

  1. User-centric sync will use and populate only Repositories in the cache
  2. Repo-centric sync will use and populate only Users in the cache
  3. If either comes across a prepopulated value for a field it is not meant to populate, it will attempt to add itself to the list and update the cache

Token-wise, verified that all this needs is repo and read:org

To review

  • Bulk of real code is in authz/github/github.go
  • Some API requests might be worth reading in internal/extsvc/github/v3.go
  • Expanded integration tests in enterprise/cmd/repo-updater/internal/authz/integration_test.go
    • The recorded interactions here make it pretty visible how inefficient this is compared to just listing for users * repos < 5000 * 100 - in most smaller cases it is better to use the cacheless implementation. An argument for making this opt-in only.

Subsequent patches

(if we cut a patch release with this, we must include the following as well)
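
Added example, not part of the merge request description and not code from the PR or from Sourcegraph: a Go sketch of the three group-cache expectations listed above. The names `group`, `cache`, `fill`, `SyncUser` and `SyncRepo`, the string keys, and the convention that a nil slice means "not yet populated" are all assumptions made for illustration.

```go
package main

import "fmt"

// group is a hypothetical cache entry for one org or team. A nil slice means
// "never populated"; a non-nil slice, even an empty one, means populated.
type group struct {
	Repositories []string // owned by user-centric sync
	Users        []string // owned by repo-centric sync
}

type cache map[string]*group
func (c cache) entry(key string) *group {
	if c[key] == nil {
		c[key] = &group{}
	}
	return c[key]
}

// fill populates the list this sync direction owns on a miss (fetch stands in
// for the code host API call), then adds self to the other list if populated.
func fill(own, other *[]string, self string, fetch func() []string) []string {
	if *own == nil {
		*own = append([]string{}, fetch()...)
	}
	found := *other == nil // an unpopulated list is left for its owner to fetch
	for _, v := range *other {
		found = found || v == self
	}
	if !found {
		*other = append(*other, self)
	}
	return *own
}

// SyncUser (user-centric) returns the group's repos; SyncRepo (repo-centric)
// returns the group's users. Each touches the other field only via rule 3.
func (c cache) SyncUser(key, user string, fetch func() []string) []string {
	g := c.entry(key)
	return fill(&g.Repositories, &g.Users, user, fetch)
}

func (c cache) SyncRepo(key, repo string, fetch func() []string) []string {
	g := c.entry(key)
	return fill(&g.Users, &g.Repositories, repo, fetch)
}

func main() {
	c := cache{"org/team": {Repositories: []string{"repo-a"}}} // constructed sample entry
	fmt.Println(c.SyncRepo("org/team", "repo-b", func() []string { return []string{"bob"} }))
}
```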
