Use internally only boolean params.

Signed-off-by: NRémy Coutable <remy@rymai.me>

It also renames the API::PROJECT_ENDPOINT_REQUIREMENTS constant to
API::NAMESPACE_OR_PROJECT_REQUIREMENTS

Partially addresses #47424.

Had to make changes to spec files because
stubbing methods on frozen objects is a mess
in RSpec and leads to failures:

https://github.com/rspec/rspec-mocks/issues/1190

This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.

This is more idiomatic than checking membership explicitly.

- Allow `created_at` and `updated_at` parameters on Issues API
- Allow `created_at` on Issue Notes API

Closes gitlab-org/gitlab-ce#40059

This was being masked by the statement cache because only one author was used
per issue in the test..

Also adds support for an Rspec matcher `exceed_all_query_limit`.

This was being masked by the statement cache because only one author was used
per issue in the test..

Also adds support for an Rspec matcher `exceed_all_query_limit`.

In CE, every `Issue` entity is also a `ProjectEntity`, which calls
`entity&.project.try(:id)` to show the project ID. In an API
request with 100 issues, this would hit the Rails statement cache 100 times
for the same project and cause unnecessary overhead as related models would
also be loaded.

In EE, we call `Issue#supports_weight?` for each issue, which then calls
`project&.feature_available?(:issue_weights)`. If the project is not
preloaded, this incurs additional overhead, as each individual Project
object has to be queried. This can lead to a significant performance hit.
In loading the CE project with 100 issues, this contributed to at least 22%
of the load time.

See https://gitlab.com/gitlab-org/gitlab-ce/issues/47031 for why testing this
is a bit tricky.

Deprecate corresponding dash versions created-by-me and assigned-to-me

This ensures that we have more visibility in the number of SQL queries
that are executed in web requests. The current threshold is hardcoded to
100 as we will rarely (maybe once or twice) change it.

In production and development we use Sentry if enabled, in the test
environment we raise an error. This feature is also only enabled in
production/staging when running on GitLab.com as it's not very useful to
other users.

- Ensure that unwanted params are no passed to actual finder classes

Prevent creating issues through API without having permissions

See merge request gitlab/gitlabhq!2225

(cherry picked from commit c298bbaa88883343dc9cbbb6abec0808fb3b546c)

915b97c5 Prevent creating issues through API without having permissions

This method can be called with an array, or a relation:

1. Arrays always have a limited amount of values, so that's fine.
2. If the relation does not have a limit value applied, then we will load every
   single object in that collection, and prevent N+1 queries for the metadata
   for that. But that's wrong, because we should never call this without an
   explicit limit set. So we raise in that case, and this commit will see which
   specs fail.

The only failing specs here were the issues API specs, and the specs for
IssuableMetadata itself, and both have been addressed.