RFC 40: Integrate permissions checking logic into `authzFilter`

Created by: unknwon

This PR implements #7300, which does two things:

1. Blocking access to all repositories if found both code host authz providers and permissions user mapping are configured.
2. Filter repositories against local Postgres DB (i.e. permissions tables).

Uint tests will be added once people agree that code logics are added in the reasonable places.

Stacked on #7754.