Only assign merge params when allowed

See merge request gitlab/gitlabhq!3458

Pass all wiki markup formats through our Banzai pipeline filters

See merge request gitlab/gitlabhq!3461

Mask sentry auth token

See merge request gitlab/gitlabhq!3462

Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.

Closes #2934

See merge request gitlab/gitlabhq!3466

Filter out search results based on permissions to avoid bugs leaking data

See merge request gitlab/gitlabhq!3493

Return 404 on LFS request if project doesn't exist

See merge request gitlab/gitlabhq!3505

[ci skip]

When a user updates a merge request coming from a fork, they should
not be able to set `force_remove_source_branch` if they cannot push
code to the source project.

Otherwise developers of the target project could remove the source
branch of the source project by setting this flag through the API.

This will be used later for search filtering.

This is to be more consistent as there is already a :read_note policy in
NotePolicy. To keep other behaviour the same we've introduced a
Note#noteable_ability_name that is used anywhere this was expected.

Previously, when the wiki page format was anything other than `markdown`
or `asciidoc` the formatted content would be returned though a Gitaly
call. Gitaly in turn would delegate formatting to the gitlab-gollum-lib
gem, which in turn would delegate that to various gems (like RDoc for
`rdoc`) and then apply some very liberal sanitization.

It was too liberal!

This change brings our wiki content formatting in line with how we
format other markdown at GitLab, so we have a SSOT for sanitization.

https://gitlab.com/gitlab-org/gitlab/issues/30540

[ci skip]