Hide "New merge request" button on /-/analytics/code_reviews from Auditors

Summary

"New merge request" on /-/analytics/code_reviews page should not be shown to Auditors as they have read-only permissions.

Steps to reproduce

1. Create a project
2. Log-in as an Auditor
3. Navigate to "Analytics" -> "Code Review"

What is the current bug behavior?

"New merge request" button is shown to Auditors but returns a 404 if clicked

What is the expected correct behavior?

"New merge request" should not be shown to Auditors

Relevant logs and/or screenshots

Possible fixes

Add merge_request_source_project_for_project(@project) check to new_merge_request_url property: ee/app/views/projects/analytics/code_reviews/index.html.haml#L8