authz: authorize repositories via permissions tables
Created by: unknwon
This PR adds a new code path branch to authzFilter
when the admin enables the permissions background sync.
In high level:
- Only returns public repos for unauthenticated user or no authz providers configured (and
authzAllowByDefault
is false). - Fetch account and associate if no matching external account is found for the user, then grant any available pending permissions.
- Check permissions against perms tables in Postgres.
Note: This PR does not change any existing logic when permissions background sync is not enabled.
Fixes #8630 (closed)