updated several specs and factories to accomodate new permissions

Signed-off-by: NRémy Coutable <remy@rymai.me>

This reverts commit 54a575f1, reversing
changes made to c63af942.

Move uploads to object storage

Closes #4163

See merge request gitlab-org/gitlab-ee!3867

I've followed the [upgrade guide](https://github.com/thoughtbot/factory_bot/blob/4-9-0-stable/UPGRADE_FROM_FACTORY_GIRL.md) and ran these two commands:

```
grep -e FactoryGirl **/*.rake **/*.rb -s -l | xargs sed -i "" "s|FactoryGirl|FactoryBot|"
grep -e factory_girl **/*.rake **/*.rb -s -l | xargs sed -i "" "s|factory_girl|factory_bot|"
```
Signed-off-by: NRémy Coutable <remy@rymai.me>

Fixes project visibility guidelines

See merge request gitlab/gitlabhq!2226

(cherry picked from commit 877c42c0aaf3298d6001614c9706bc366ae4014c)

e4fd1c26 Ensure project wiki visibility guidelines are met

Also improves the `create_templates` transient attribute and use
`project.project_feature.update_columns` instead of
`project.project_feature.update_attributes!` since it's faster.
Signed-off-by: NRémy Coutable <remy@rymai.me>

Because we assign this value in the model via a callback conditionally
on `email_changed?`, this never gets set when using `build_stubbed`,
resulting in a "can't be blank" validation error on this field.

In this case, we can just assign it manually to the same value as
`email`, which is generated via a sequence.

otherwise we'll have to use `user.reload` in the specs to get the
current rss_token value.

Signed-off-by: NRémy Coutable <remy@rymai.me>

FFaker can generate data that randomly break our test suite. This
simplifies our factories and use sequences which are more predictive.
Signed-off-by: NRémy Coutable <remy@rymai.me>

- Add a `destroy_user` ability. This didn't exist before, and was implicit in
  other abilities (only admins could access the admin area, so only they could
  destroy all users; a user can only access their own account page, and so can
  destroy only themselves).

- Grant this ability to admins, and when the current user is trying to destroy
  themselves. Disallow destroying ghost users in all cases.

- Modify the `Users::DestroyService` to check this ability. Also check it in
  views to decide whether or not to show the "Delete User" button.

- Add a short summary of the Ghost User to the bio.

Rather than using a separate `ghost` state. This lets us have the benefits of
both ghost and blocked users (ghost: true, state: blocked) without having to
rewrite a number of queries to include cases for `state: ghost`.

- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
  `otp_required_for_login` column on `users`.
- This commit changes things a bit:
    - `User#two_factor_enabled` is not a method anymore
    - `User#two_factor_enabled?` checks both the
      `otp_required_for_login` column, as well as `U2fRegistration`s
    - Change all instances of `User#two_factor_enabled` to
      `User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
  model level.

Closes #14370

Move gon function into its own helper

This reverts commit 01160fc0, reversing
changes made to 4bff9daf.