Filter out soft-deleted repositories when syncing permissions

Created by: unknwon

We do eventually skip them in our current implementation, but it would be nice avoid returning them in the first place.

For both PermsStore.RepoIDsWithNoPerms and PermsStore.ReposIDsWithOldestPerms methods, they should filter out soft-deleted repos.