- 29 Nov, 2016 4 commits
Douwe Maan authored
Replace issue access checks with use of IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

## Which fixes are in this MR?

⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested

### Issue lookup with access check

Using `visible_to_user` likely makes these security issues too. See [Code smells](#code-smells).

- [x] 🚦 app/finders/notes_finder.rb:15 [`visible_to_user`]
- [x] 🚥 app/views/layouts/nav/_project.html.haml:73 [`visible_to_user`] [`.count`]
- [x] ✅ app/services/merge_requests/build_service.rb:84 [`issue.try(:confidential?)`]
- [x] ✅ lib/api/issues.rb:112 [`visible_to_user`] - CHANGELOG: Prevented API returning issues set to 'Only team members' to everyone
- [x] ✅ lib/api/helpers.rb:126 [`can?(current_user, :read_issue, issue)`] Maybe here too?
- [x] ✅ lib/gitlab/search_results.rb:53 [`visible_to_user`]

### Previous discussions

- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#b2ff264eddf9819d7693c14ae213d941494fe2b3_128_126
- [ ] https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#7b6375270d22f880bdcb085e47b519b426a5c6c7_87_87

See merge request !2031
Douwe Maan authored
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
✅ - Permissions check tested

- [x] ✅ app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x] ✅ app/controllers/projects/todos_controller.rb:19
- [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
Douwe Maan authored
Fix information disclosure in `Projects::BlobController#update`

It was possible to discover private project names by modifying the `from_merge_request` parameter in `Projects::BlobController#update`. This fixes that.

- [ ] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
- Tests
  - [x] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

https://gitlab.com/gitlab-org/gitlab-ce/issues/22869

See merge request !2023
Douwe Maan authored
Fix label creation for non-members

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23416

See merge request !2006
- 28 Nov, 2016 35 commits
Drew Blessing authored
Remove `memberOf` OID in LDAP `user_filter` docs

While not technically invalid, it is not necessary to have the `memberOf` OID in the `user_filter`. It clutters things up and causes confusion for users so it's better if we remove it from the docs.

See merge request !7809
Alejandro Rodríguez authored
Drew Blessing authored
While not technically invalid, it is not necessary to have the `memberOf` OID in the `user_filter`. It clutters things up and causes confusion for users so it's better if we remove it from the docs.
Annabel Dunstone Gray authored
Create secondary colors for buttons with SCSS functions [Proper]

## What does this MR do?

* Removes the hardcoded values for button colors and generates them using the `darken` function
* Adds a border color for outline buttons on hover, focus and active states
* Adds darker colors for outline buttons in their active state

## Are there points in the code the reviewer needs to double check?

Naming for new factor variables might not be good enough.

## Why was this MR needed?

Increases visibility of alternate states as specified in #24145

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24145

See merge request !7797
Chris Peressini authored
Annabel Dunstone Gray authored
Add hover state to navigation rows

## What does this MR do?

Adds hover states to navigation rows

## Screenshots (if relevant)

![Screen_Recording_2016-11-28_at_09.21_AM](/uploads/5d273f8bc53f46f9b55590f56f2287d8/Screen_Recording_2016-11-28_at_09.21_AM.gif)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [ ] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [ ] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [ ] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24149

See merge request !7584
Fatih Acet authored
Adds spinner class

## What does this MR do?

Adds class to spinner icon to actually spin.

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [ ] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [ ] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

Closes #24985

See merge request !7761
Sean McGivern authored
Ensure user is authenticated to create a new snippet

Closes #25026

See merge request !7786
Achilleas Pipinellis authored
Add guidelines in doc linking with HAML

## What does this MR do?

Add guidelines and examples of HAML links to the built-in help GitLab exposes under /help.

See merge request !7798
tauriedavis authored
Alfredo Sumaran authored
Replace static fixture for zen_mode_spec

## What does this MR do?

Replace `zen_mode.html.haml` for `zen_mode_spec.js` by already existing dynamically generated fixture.

## What are the relevant issue numbers?

#24753

See merge request !7686
Achilleas Pipinellis authored
[ci skip]
Alfredo Sumaran authored
Add `.find` poly

## What does this MR do?

Adds `[].find()` poly

## Are there points in the code the reviewer needs to double check?

## Why was this MR needed?

## Screenshots (if relevant)

## Does this MR meet the acceptance criteria?

- [ ] [Changelog entry](https://docs.gitlab.com/ce/development/changelog.html) added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [ ] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?

See merge request !7710
Alfredo Sumaran authored
Create dynamic fixture for build_spec

## What does this MR do?

Replace `spec/javascripts/fixtures/build.html.haml` by a dynamically created fixture (using `rake teaspoon:fixtures`).

## Why was this MR needed?

The existing fixture was not representing the real page.

## What are the relevant issue numbers?

#24614 would have been avoided following !6059

See merge request !7589
Chris Peressini authored
Sean McGivern authored
Create tag after running pre-hooks and pass updated SHA to post-hooks

Closes #24813

See merge request !7700
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
Rémy Coutable authored
[ci skip]
Alejandro Rodríguez authored
[ci skip]
Adam Niedzielski authored
We only know the tag SHA after we create the tag. This means that we pass a different value to the hooks that happen before creating the tag, and a different value to the hooks that happen after creating the tag. This is not an ideal situation, but it is a trade-off we decided to make. For discussion of the alternatives please refer to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7700#note_18982873

"pre-receive" and "update" hooks always get the SHA of the commit that the tag points to. "post-receive" gets the tag SHA if it is an annotated tag or the commit SHA if it is a lightweight tag. Currently we always create annotated tags if the UI is used.
Sean McGivern authored
Prevent error when submitting a merge request and pipeline is not defined

Closes #24860

See merge request !7707
Adam Niedzielski authored
This reverts commit ae51774b.
Robert Speicher authored
Refactor issuable_filters_present to reduce duplications

See https://gitlab.com/gitlab-org/gitlab-ce/issues/23546

See merge request !7776
Rémy Coutable authored
Pass `--load-images=no` to PhantomJS via Capybara/Poltergeist

We were unintentionally hitting `gravatar.com` whenever a test that used Poltergeist was run. This was certainly wasting their resources and slowing down our tests even further, for no reason.

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899

See merge request !7781
Adam Niedzielski authored
Rémy Coutable authored
Speed up Project security access specs

Prior, every single test was creating four `ProjectMember` objects, each of which created one `User` record, even though each test only used _one_ of those Users, if any. Now each test only creates the single user record it needs, if it needs one. This shaves minutes off of each spec file changed here.

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/24899

See merge request !7779
Robert Speicher authored
Prior, every single test was creating four `ProjectMember` objects, each of which created one `User` record, even though each test only used _one_ of those Users, if any. Now each test only creates the single user record it needs, if it needs one. This shaves minutes off of each spec file changed here.
Rémy Coutable authored
Fix a broken link and avoid potential creation of future broken links on the help page.

See merge request !7582
Robert Speicher authored
We were unintentionally hitting `gravatar.com` whenever a test that used Poltergeist was run. This was certainly wasting their resources and slowing down our tests even further, for no reason.
Rémy Coutable authored
Remove unnecessary require_relative calls from finder

Rails adds everything under app to autoload. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/7601

See merge request !7768
Robert Speicher authored
This moves methods from `LfsHelper` to a new `LfsRequest` concern and introduces a new `WorkhorseRequest` concern.

Closes #22253

See merge request !7623
Douwe Maan authored
Backport groups_helper refactor from gitlab-org/gitlab-ee!904

This is a simple backport from a change in `groups_helper.rb` introduced by gitlab-org/gitlab-ee!904, requested here: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/904#note_18894726

See merge request !7767
Douwe Maan authored
Refresh project authorizations using a Redis lease

This MR changes `User#refresh_authorized_projects` so it uses a Redis lease instead of relying on serializable transactions. See the commit message(s) for more details.

See merge request !7733
Douwe Maan authored
Remove caching of events data

This MR removes the caching of events data as this was deemed unnecessary while increasing load on the database. See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6578#note_18864037 and 5371da34 for more information.

See merge request !6578
- 27 Nov, 2016 1 commit
Achilleas Pipinellis authored
UX Guide: Anchor hover guidance include color change

Update guidance on anchor hover treatment in UX Guide

See merge request !7639