Use read-based permissions

The permission level for an object should be read-only. There is no
need to mention the `create` ability.

Happily, these levels are currently synonymous, so this is not a
breaking change.

ee/app/graphql/types/dast/profile_type.rb

@@ -6,7 +6,7 @@ module Types
       graphql_name 'DastProfile'
       description 'Represents a DAST Profile'
 
-      authorize :create_on_demand_dast_scan
+      authorize :read_on_demand_scans
 
       field :id, ::Types::GlobalIDType[::Dast::Profile], null: false,
             description: 'ID of the profile.'

ee/app/graphql/types/dast_site_profile_type.rb

@@ -5,7 +5,7 @@ module Types
     graphql_name 'DastSiteProfile'
     description 'Represents a DAST Site Profile'
 
-    authorize :create_on_demand_dast_scan
+    authorize :read_on_demand_scans
 
     expose_permissions Types::PermissionTypes::DastSiteProfile
 

ee/spec/graphql/types/dast/profile_type_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe GitlabSchema.types['DastProfile'] do
   let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile editPath] }
 
   specify { expect(described_class.graphql_name).to eq('DastProfile') }
-  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
+  specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
 
   it { expect(described_class).to have_graphql_fields(fields) }
 

ee/spec/graphql/types/dast_site_profile_type_spec.rb

@@ -25,7 +25,7 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
   end
 
   specify { expect(described_class.graphql_name).to eq('DastSiteProfile') }
-  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
+  specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
   specify { expect(described_class).to expose_permissions_using(Types::PermissionTypes::DastSiteProfile) }
 
   it { expect(described_class).to have_graphql_fields(fields) }