The FileSizeCheck push rule loads all new blobs for a given change and
checks whether any of these blobs is bigger than a certain threshold.
This push rule is quite expensive: loading new blobs requires a revwalk
of all preexisting references and thus scales with the number of refs in
a repository. This may easily take a few dozen seconds to compute, and
repeating this computation for each change doesn't help either.

Refactor the FileSizeCheck to be implemented atop the BaseBulkChecker
such that we can fix this shortcoming in the future: instead of loading
blobs for each change, we may load them once for all changes. While this
would already amortize the costs because we have to perform the walk of
negative refs once only, we can eventually tweak this even further and
use the quarantine directory to enumerate all pushed objects directly
without doing a revwalk at all. This optimization will bring down the
time to load blobs from dozens of seconds to a few milliseconds.

Note that this commit doesn't yet change behaviour, but instead only
prepares the infrastructure to allow for batch loading. Batch loading
will require some additional changes to our infrastructure first, which
will be done in a separate patch series.

The PushRuleChecks are implemented as BaseSingleChecker, where they
always operate on a single change only. This is inefficient for a subset
of push rules, most namely for the file size rules: we could load all
blobs via a single RPC call and inspect their sizes instead of doing an
RPC call per change.

Prepare for this change by converting the PushRules to be implemented as
BaseBulkChecker. For now, nothing really changes: we just deconstruct
the bulk changes into SingleChangeAccesses and then pass those into our
subrules. But with this change in place, we can easily convert subsets
of our push rules to use batching.

There is only a single callsite right now which extracts changes from a
ChangesAccess and converts them into SingleChangeAccesses, which is
inside the ChangesAccess class itself. We're about to convert push rules
such that they can both drive single and bulk push rules, and there
we'll need the same functionality.

Extract the code into a standalone `#single_change_accesses()` function
which can be used to do the conversion.

Push rules are only available in the Enterprise Edition and are thus
mixed into the BaseSingleChecker via a separate EE module which extends
the base class. This only makes push rules available for this single
checks: bulk checks ain't got any access to them, and until now they
haven't needed any either. We're about to refactor push rules to allow
batching of access checks though, so we need access to push rules in
both classes.

Move the push rule implementation into the BaseChecker class. This is
the parent class of both BaseSingleChecker and BaseBulkChecker, so it
will make the function available to both.

Log backtrace when SAVEPOINT is discovered

See merge request gitlab-org/gitlab!69023

Add missing slash to CODEOWNERS to catch directory

See merge request gitlab-org/gitlab!69050

Removed references to admin wrench

See merge request gitlab-org/gitlab!69038

Put back details about cloning with a job token

See merge request gitlab-org/gitlab!68820

Ban and unban user via API

See merge request gitlab-org/gitlab!68332

Update Gitaly version

See merge request gitlab-org/gitlab!69048

Update doc/user/application_security/secret_detection/index.md

See merge request gitlab-org/gitlab!69042

Also fix spec names

Also change error message

Also introduce unban event

Transition banned to active

Fix ban unban specs

Fix api and specs

Fix ban unban specs

Add ban unban user docs

Remove extra line

Remove redundant condition checks

Change user api docs

Remove extra line

Add aggregate failures

Changelog: added

Allow admins to ban and unban users via API

Docs: fix product tier badge in Issue board docs

See merge request gitlab-org/gitlab!69039

Docs: fix units on Docker shared memory documentation

See merge request gitlab-org/gitlab!69031

Fixed table that wasn't rendering

See merge request gitlab-org/gitlab!69025

Add tier badging to Distribution group pages

See merge request gitlab-org/gitlab!69008

Send email inline to rotation members when deleting participant user

See merge request gitlab-org/gitlab!68811

We have mostly eliminated using subtransactions from the code, but there
are a few places where they may be happening. Log the backtrace of the
caller to identify exactly where this is happening.

Changelog: added

Fix Connection#exists? when using the DB LB

See merge request gitlab-org/gitlab!68855

Fix signature badge on commits tab of merge request

See merge request gitlab-org/gitlab!67582

Add details to SSH key restrictions documentation

See merge request gitlab-org/gitlab!68773

Update pipeline triggers documentation: add information about token

See merge request gitlab-org/gitlab!68961

TAM CI/CD update to CI/CD Quickstart page

See merge request gitlab-org/gitlab!68499

Docs: update CI artifacts expiry docs to include "keep latest artifacts" note

See merge request gitlab-org/gitlab!68919