From https://gitlab.com/gitlab-org/gitlab/-/issues/336446:

> it seems possible that a customer might put some information in there
> that they would not want to be publicly known.

This change checks that a user can view issues, or merge requests, of a
project before exposing the default templates.

Changelog: security
EE: true