[server] Allow team members (and everyone in legacy mode) to access prebuilds

[svenefftinge]

This PR relaxes resource-access so that team members can access prebuild workspaces and workspaceinstances.
It also replaces the old access guard for headless logs that would use the git access in favor of user/team based check.
caveat: Old prebuilds that don't have a project associated, yet, are accessible from everyone (see).

fixes #5344

[svenefftinge]

I'm refactoring the change to move the team member related access into its own resource guard.

[jankeromnes]

Code looks good to me, thanks!

Left a few questions & suggestions in-line.

Haven't tested this yet (will do so now).

[jankeromnes]

Tested, and I'm now able to see the logs of a team prebuild! 🎉 (Apparently still running after 2h 😅)

However, I also uncovered two bugs, but they're likely unrelated to this PR:

1. When you don't authorize GitLab (just GitHub), most Team Project pages just fail to load anything if it's a GitLab project:

However, authorizing with GitLab resolves this. We should probably handle these errors better (and show a "Authorize GitLab" button)

2. For the project gitlab-vscode-extension, I was able to see branches and prebuilds, but not for the project blubb (the pages are just empty, no errors in the console) -- could it be that, as long as we haven't seen a single prebuild, we're unable to fetch the branches in some cases? 🤔 (Note: The Configurator is able to fetch the .gitpod.yml)

[jankeromnes]

/hold because of the questions & suggestions

/lgtm otherwise 🎉

[jankeromnes]

/approve no-issue

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: 56addfaaaf6bcd7e716c9cf3df45bea588b386cc

[svenefftinge]

/lgtm

[svenefftinge]

/lgtm

[roboquat]

@svenefftinge: you cannot LGTM your own PR.

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jankeromnes, svenefftinge

Associated issue: #5344

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• components/server/OWNERS [jankeromnes,svenefftinge]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jankeromnes]

/lgtm
/unhold

[roboquat]

LGTM label has been added.

Git tree hash: 939b1f9028f6093dfd4bec9b64780f5c83e2658d