Add TroubleshootJobWithAI to pipeline graphql endpoint
Problem
We want to add a troubleshoot button next to each job in the frontend, and we need a way to query whether the user has the ability to see this button.
Solution
Option 1 (decided not to do)
We can add TroubleshootJobWithAI to the GraphQL Types::Ci::JobType type which backs the failed job.
Unfortunately, this requires an N+1 because each job has specific permission checks, like checking whether the build trace is using debug mode.
Adding this to the existing API call could degrade performance on the pages that use it, since all the permission checks could be slow and block loading for cases with many failed jobs. We saw that happen with the checks for playing manual builds. We could work around this by using a second API call on the page so that the rest of the page doesn't need to wait for all the permission checks. We can also place limits on the number of jobs that can be returned at once with this attribute. See Limit maximum field call count.
Option 2 (decided to do)
Add the troubleshoot_job_with_ai ability to EE::Ci::PipelinePolicy. This will allow us to pass a pipeline as the subject to the ability. We want this to check whether the user can read_build for a pipeline as well as all the other Duo Enterprise checks specified in EE::Ci::BuildPolicy.
We can add TroubleshootJobWithAI to the GraphQL Types::Ci::PipelineType type which backs the failed job.
The downside from a UX standpoint is that there could be times where the button is displayed but will return a permission error when clicked.
We always want to check user.can?(:troubleshoot_job_with_ai, job) within the backend class because that will keep users from accessing information that they should not. But for display purposes it should be ok to display the button if user.can?(:troubleshoot_job_with_ai, pipeline).
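The split between the display check and the enforcing check, as an added Ruby sketch that is not GitLab's policy code: the User, Job, Pipeline and Policy classes and the debug-trace rule are simplified assumptions standing in for EE::Ci::PipelinePolicy and EE::Ci::BuildPolicy.

```ruby
# Simplified stand-in for the two-level check; not GitLab's policy code.
# All classes, fields and rules below are assumptions for illustration.
User     = Struct.new(:name, :can_read_build, :duo_enterprise)
Job      = Struct.new(:id, :debug_trace)
Pipeline = Struct.new(:id, :jobs)

class Policy
  attr_reader :checks

  def initialize
    @checks = 0 # counts policy evaluations, to make the N+1 cost visible
  end

  # Coarse, pipeline-scoped check: evaluated once per pipeline, display only.
  def troubleshoot_pipeline?(user, _pipeline)
    @checks += 1
    user.can_read_build && user.duo_enterprise
  end

  # Fine, job-scoped check: adds a per-job condition (assumed here: a job
  # whose trace runs in debug mode is refused). This is the authoritative one.
  def troubleshoot_job?(user, job)
    @checks += 1
    user.can_read_build && user.duo_enterprise && !job.debug_trace
  end
end

# Frontend data: one check decides whether buttons are rendered at all.
def buttons_for(policy, user, pipeline)
  show = policy.troubleshoot_pipeline?(user, pipeline)
  pipeline.jobs.to_h { |job| [job.id, show] }
end

# Backend action: always re-checks against the job itself before doing work.
def troubleshoot(policy, user, job)
  return :forbidden unless policy.troubleshoot_job?(user, job)
  :analysis_started
end

# Constructed sample data: job 11 has a debug-mode trace.
PIPELINE = Pipeline.new(1, [Job.new(10, false), Job.new(11, true)])
DEV      = User.new("dev", true, true)

if __FILE__ == $PROGRAM_NAME
  policy = Policy.new
  p buttons_for(policy, DEV, PIPELINE)
  p PIPELINE.jobs.map { |j| troubleshoot(policy, DEV, j) }
end
```

Job 11 shows the UX downside described above: its button is rendered from the pipeline-level result, and the job-level check in the backend still refuses the request.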