Protected packages: Show protected packages in package registry list
Previous issues added the ability to protect packages from push and delete, see:
- Protected packages: Add basic model and migrati... (#416382) and respective MRs
- Protected npm packages (#323970) and respective MRs
Given this new possibility, we need to make sure that users are able to easily identify protected packages in the package registry. This avoids confusion and unnecessary overhead. This issue discusses and aligns the design concept and other implementation details.
Parts of this proposal have been taken from the discussion in another issue.
This issue belongs to the EPIC Identify packages as protected to prevent accid... (&5574)
Proposal
The proposal consists of several aspects.
Aspect 1: Add badge "protected" to each package row
We propose adding the badge "protected" to each package list entry when the following condition applies:
- There is at least one package protection rule for the given package - regardless of the current user (viewing the package list page); in other words, the given package is push protected by any package protection rule.
Open Questions:
- Package protection rules have two attributes that define in what way the package is protected or not, i.e. push_protected_up_to_access_level and delete_protected_up_to_access_level (<= not yet implemented). Question: Should we include this information in the package registry list? This could have the benefit that users see all background information related to the protected package and its package protection rule. => Answer: We have discussed this option in another MR discussion. We concluded not to include this information in the package list view for now. It could be discussed in the design for the package detail page.
- When should we add the badge "protected"? We could also think about adding the badge "protected" only when the package is protected from the current user. => Answer: Based on the MR discussions here and here, we have concluded to add the badge "protected" when the current user (viewing the package list page) is not allowed to push to the given package.
- More open questions have been discussed here: !141134 (comment 1718581270)
Aspect 2: Consider protected packages for button "Delete selected"
Furthermore, we need to consider the bulk delete feature in the package registry list. We propose that protected packages cannot be selected for the button "bulk delete". This is showcased by the following mockup (proposed by @katiemacoy in #413641 (comment 1713286236)).
Implementation plan
- Add label "protected" in the overview list of package registries as mentioned in #413641 (comment 1708536668), see #437926
- Ensure that protected packages are not selectable for bulk deletion in package registry list, see #437926
- Check for N+1 query, see !146206 (comment 1871347682)