This ports the changes from
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10462/
to CE

Currently a no-op for CE

# Conflicts:
#	ee/lib/ee/gitlab/git_access.rb
#	lib/gitlab/git_access.rb

When the `changes` passed to `GitAccess` are the literal string `_any`,
which indicates that this is a pre-authorization check, we now check
whether the user can push to any branch in the project in question,
instead of running the per-change check with `oldrev` `_any`, `newrev`
`nil`, and `ref` `nil`.

Validating each commit on ChangeAccess times out if
it already took too long to complete.

Improves the TimedLogger specs to not make use of a stubbed
class anymore

Adds a #full_message method so that external classes
do not have access to the state of the logger.

Adds a #append_message to always append to the array in-place

Whenever a git push takes more than 50 seconds the user
will receive a trace from each check performed along with
their timings

Previously overridden in EE but no longer required.

- Use proper HTTP codes for /api/v4/allowed response
- CustomAction support

- if #check_custom_action!(cmd) returns something, return from #check()
- now returns :Gitlab::GitAccessResult::Success.new instead of true

Allow builds that have been triggered by a user before terms were
enforced access to git. That way the builds can complete as usual.

When terms are enforced, but the user has not accepted the terms
access to the API & git is rejected with a message directing the user
to the web app to accept the terms.

This will allow to download a repo using the token from the DeployToken

git 2.16 will fail badly if there are stale worktrees.

Closes #44115

Removes permanent redirects, this means that redirects will only be
possible as long as the old route isn't taken by a new project/group.