No external behavior change.

This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate.

This already works due to previous refactoring.

It uses a user activity table instead of a column in users.
Tested with mySQL and postgreSQL

Closes gitaly#168

Also create a new WorkhorseRequest concern
Signed-off-by: NRémy Coutable <remy@rymai.me>

Ensure external users are not able to clone disabled repositories.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788

See merge request !2017
Signed-off-by: NRémy Coutable <remy@rymai.me>

Use a permissions of user to access all dependent projects from CI jobs (this also includes a container images, and in future LFS files)

Before this change we always let users push Git data over HTTP before
deciding whether to accept to push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change let Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.

This reverts commit 13e37a3e.

Auth.find was a very generic name for a very specific method.
Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also
looks in Kerberos.