authz: authorize repositories via permissions tables

Created by: unknwon

This PR adds a new code path branch to authzFilter when the admin enables the permissions background sync.

In high level:

1. Only returns public repos for unauthenticated user or no authz providers configured (and authzAllowByDefault is false).
2. Fetch account and associate if no matching external account is found for the user, then grant any available pending permissions.
3. Check permissions against perms tables in Postgres.

Note: This PR does not change any existing logic when permissions background sync is not enabled.

Fixes #8630 (closed)