Restrict starred projects to viewable ones
User#starred_projects
doesn't perform any visibility checks. This has
a couple of problems:
- It assumes a user can always view all of their starred projects in perpetuity (project not changed to private, access revoked, etc.).
- It assumes that we'll only ever allow a user to star a project they can view. This is currently the case, but bugs happen.
Add User#viewable_starred_projects
to filter the starred projects by
those the user either has explicit access to, or are public or
internal. Then use that in all places where we list the user's starred
projects.
Closes #17249. @rspeicher can you review please?