Advertise the PAT as an alternative unless GH import is not configured.
Signed-off-by: NRémy Coutable <remy@rymai.me>

This stands as an alternative to using OAuth to access a user's Github
repositories.  This is setup in such a way that it can be used without OAuth
configuration.

From a UI perspective, the how to import modal has been replaced by a full
page, which includes a form for posting a personal access token back to the
Import::GithubController.

If the user has logged in via GitHub, skip the Personal Access Token and go
directly to Github for an access token via OAuth.

Feedback from:
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4961#note_12794221

This method now should return false if build is not completed. If build
is running then it is not retryable, therefore `Ci::Build#retryable?`
returned wrong value. This commit changes this behavior

Removed from window and used static method

In #19273, we saw that retrieving ProjectTeam#human_max_access for each
note takes the bulk of the time when rendering certain issues or merge requests.
We observe that most of the comments in an issue are typically done by the
same users. This MR memoizes the max access level by user ID.

Closes #18949

And show information about locked status.

Help! This looks bad :o

Completed new project page

Updated CHANGELOG

Corrected 'Create project' button

Made responsive

Added gitlab export button

Changed Spinach test to match updated UI

reverted test changes and fixed UI

Corrected 'Repo by URL' text

Fixed static namespace style

Added errors partial

Added padding to bottom of page-with-sidebar

paired with @stanhu

Closes #19173

Closes #19005

The issue was with the `User#groups` and `User#projects` associations
which goes through the `User#group_members` and `User#project_members`.

Initially I chose to use a secure approach by storing the requester's
user ID in `Member#created_by_id` instead of `Member#user_id` because I
was aware that there was a security risk since I didn't know the
codebase well enough.

Then during the review, we decided to change that and directly store the
requester's user ID into `Member#user_id` (for the sake of simplifying
the code I believe), meaning that every `group_members` / `project_members`
association would include the requesters by default...

My bad for not checking that all the `group_members` / `project_members`
associations and the ones that go through them (e.g. `Group#users` and
`Project#users`) were made safe with the `where(requested_at: nil)` /
`where(members: { requested_at: nil })` scopes.

Now they are all secure.
Signed-off-by: NRémy Coutable <remy@rymai.me>

This commit changes the way certain documents are rendered (currently
only Notes) and how documents are redacted. Previously both rendering
and redacting would run on a per document basis. The result of this was
that for every document we'd have to run countless queries just to
figure out if we could display a set of links or not.

This commit changes things around so that redacting Markdown documents
is no longer tied into the html-pipeline Gem. This in turn allows it to
redact multiple documents in a single pass, thus reducing the number of
queries needed.

In turn rendering issue/merge request notes has been adjusted to take
advantage of this new setup. Instead of rendering Markdown somewhere
deep down in a view the Markdown is rendered and redacted in the
controller (taking the current user and all that into account). This has
been done in such a way that the "markdown()" helper method can still be
used on its own.

This particular commit also paves the way for caching rendered HTML on
object level. Right now there's an accessor method Note#note_html which
is used for setting/getting the rendered HTML. Once we cache HTML on row
level we can simply change this field to be a column and call a "save"
whenever needed and we're pretty much done.