[RUN AS-IF-FOSS] Disable access to "Security & Compliance" resources
What does this MR do?
Recently we've introduced a feature to remove the "Security & Compliance" navigation tab from the project's side menu, but the resources are still available in case someone has the direct link or has already bookmarked the page. This MR adds the permission check to all "Security & Compliance" related controllers to return 403 in case the menu item is disabled.
This MR looks quite big with lots of changed files, but most of them follow the same pattern, which should make it easier to review. We also need to disable the REST & GraphQL API resources, but I think it's better to do it in a separate MR as this is already quite big.
Related to #290112 (closed).
The original MR which removes the menu item: !52551 (merged)
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention @gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
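
The gap this MR describes (menu item hidden, page still served by direct link) and the shared controller check that closes it, as an added example that is not code from the merge request. It is plain Ruby without Rails, and every class, module and attribute name in it is hypothetical; the audit helper at the end shows how a controller that missed the check can be found.

```ruby
# Added example in plain Ruby (no Rails); every name here is hypothetical.
Project = Struct.new(:name, :security_and_compliance_enabled)

class BaseController
  def self.guards
    @guards ||= []
  end

  def self.before_action(name)
    guards << name
  end

  def initialize(project)
    @project = project
  end

  # Run each registered guard; the first one returning a status short-circuits.
  def dispatch
    self.class.guards.each do |guard|
      status = send(guard)
      return status if status
    end
    200 # the page itself
  end
end

# Shared server-side check: 403 when the feature is disabled for the project.
module SecurityAndComplianceGuard
  def self.included(base)
    base.before_action(:authorize_security_and_compliance)
  end

  def authorize_security_and_compliance
    403 unless @project.security_and_compliance_enabled
  end
end

class DashboardController < BaseController
  include SecurityAndComplianceGuard
end

# Guard forgotten: hidden from the menu but still served by direct link.
class ConfigurationController < BaseController; end

# Audit helper: which controllers still answer when the feature is off?
def reachable_when_disabled(controllers)
  project = Project.new("constructed-demo", false)
  controllers.select { |c| c.new(project).dispatch != 403 }.map(&:name)
end
```

Running `reachable_when_disabled` over the full list of affected controllers in a spec turns a missed controller into a failing test rather than a silent exposure.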