
Fix GraphQL query returning less than expected projects

What does this MR do and why?

GraphQL filters out the SAML projects where the current user is a member and the SAML session has expired, because the needs_new_sso_session condition in EE::ProjectPolicy evaluates to true for expired SAML sessions, which in turn makes the read_project policy evaluate to false. This results in GraphQL returning fewer projects than queried.

Here we filter out the inactive SAML session projects in the database itself and return the expected number of projects requested by the GraphQL query.

We have already done the same for groups in Fix GraphQL query returning less than expected ... (!159680 - merged).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Query plans

How to set up and validate locally

  1. Follow Group SAML steps to set up SAML locally.
  2. Create a new group called SAML-group and enable SAML SSO through https://gdk.test:3000/groups/saml-group/-/saml.
  3. Create a new project called SAML-project under the above group.
  4. Add a new user (say user1) to the above group.
  5. Open the rails console and run the following:
user = User.find(<user1-id>)
ProjectsFinder.new(current_user: user, params: { filter_expired_saml_session_projects: true }).execute

The SAML project won't be returned.

  6. Now simulate SAML sign-in by:
Gitlab::Session.with_session({ active_group_sso_sign_ins: { SamlProvider.last.id => Time.current } }) do
  ProjectsFinder.new(current_user: user, params: { filter_expired_saml_session_projects: true }).execute
end

The SAML project will be returned.

Related to #461083
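The mismatch the validation steps demonstrate, as an added stand-alone illustration (example code written for this page, not GitLab's ProjectsFinder or ProjectPolicy): a read_project-style check applied after a page has been taken returns short pages, whereas applying the same SAML-session condition before paging returns full pages without exposing SSO-gated projects. The Project struct, the session hash shape, the 24-hour timeout, the provider id 7 and the three sample projects are constructed for the example.

```ruby
# Added illustration (not GitLab code): why a policy check applied after
# pagination returns short pages, and why the finder filters first.
# Project and the session hash are toy stand-ins; the 24h timeout is a
# hypothetical value chosen for the example.
Project = Struct.new(:id, :name, :saml_provider_id) # nil => no SSO enforcement

SSO_SESSION_TIMEOUT = 24 * 60 * 60 # seconds, hypothetical
NOW = Time.utc(2024, 6, 1, 12, 0, 0) # fixed clock so the example is deterministic
PROVIDER_ID = 7 # stand-in for SamlProvider.last.id

# Constructed sample data: one project behind a SAML-enforced group, two that are not.
PROJECTS = [
  Project.new(1, 'SAML-project', PROVIDER_ID),
  Project.new(2, 'public-tools', nil),
  Project.new(3, 'internal-docs', nil)
].freeze

# The session shape mirrors the one used in the validation steps:
# { active_group_sso_sign_ins: { provider_id => last_sign_in_time } }.
def expired_session(now: NOW)
  { active_group_sso_sign_ins: { PROVIDER_ID => now - SSO_SESSION_TIMEOUT - 60 } }
end

def fresh_session(now: NOW)
  { active_group_sso_sign_ins: { PROVIDER_ID => now - 60 } }
end

# True when the user signed in to this provider within the timeout window.
# A missing entry (never signed in) counts as inactive, the same as expired.
def sso_session_active?(session, provider_id, now: NOW)
  signed_in_at = session.fetch(:active_group_sso_sign_ins, {})[provider_id]
  return false if signed_in_at.nil?

  now - signed_in_at < SSO_SESSION_TIMEOUT
end

# Simplified read_project: projects outside an SSO-enforced group are always
# readable; projects inside one require an active SAML session.
def readable?(project, session, now: NOW)
  project.saml_provider_id.nil? || sso_session_active?(session, project.saml_provider_id, now: now)
end

# Before the fix: take a page, then drop what the policy rejects. The caller
# asked for page_size items and can get fewer back.
def page_then_filter(projects, session, page_size:, now: NOW)
  projects.first(page_size).select { |p| readable?(p, session, now: now) }
end

# After the fix: apply the SAML-session condition before paging (in the real
# finder this is a database-level filter), so every page is full when enough
# readable projects exist, and SSO-gated projects are still never exposed.
def filter_then_page(projects, session, page_size:, now: NOW)
  projects.select { |p| readable?(p, session, now: now) }.first(page_size)
end

if __FILE__ == $PROGRAM_NAME
  puts "expired, page-then-filter: #{page_then_filter(PROJECTS, expired_session, page_size: 2).map(&:name)}"
  puts "expired, filter-then-page: #{filter_then_page(PROJECTS, expired_session, page_size: 2).map(&:name)}"
  puts "fresh,   filter-then-page: #{filter_then_page(PROJECTS, fresh_session, page_size: 2).map(&:name)}"
end
```

With a page size of 2 and an expired session, page_then_filter returns only public-tools (the SAML project occupied a slot on the page and was then rejected), while filter_then_page returns public-tools and internal-docs. With a fresh session both approaches return SAML-project and public-tools. The check to keep in mind when moving a policy condition into the finder is the last case in the test: with no session at all, the SSO-gated project must still be absent.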
