- 05 Jul, 2017 3 commits
-
-
Douwe Maan authored
Resolve EE conflicts for "Fix API Scoping" See merge request !2338
-
Sean McGivern authored
EE Port: Honor the "Remember me" parameter for OAuth-based login See merge request !2175
-
Timothy Andrew authored
- There were conflicting changes in `master` that were fixed in 94258a65. This made rebasing the commits from gitlab-ce!12300 problematic, due to conflicts.
- Instead, I squashed all !12300 commits into a single commit, and cherry-picked that onto 33580-fix-api-scoping-ee, which resulted in this commit.

Original commit messages below
==============================

Initial attempt at refactoring API scope declarations.

- Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need to change once set.

Allow API scope declarations to be applied conditionally.

- Scope declarations of the form:

      allow_access_with_scope :read_user, if: -> (request) { request.get? }

  will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests.

Test `/users` endpoints for the `read_user` scope.

- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.

When verifying scopes, manually include scopes from `API::API`.

- They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases.

Test OAuth token scope verification in the `API::Users` endpoint

Add CHANGELOG entry for CE MR 12300

Fix remaining spec failures for !12300.

1. Get the spec for `lib/gitlab/auth.rb` passing.
   - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request.
   - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects.
2. Get the spec for `API::V3::Users` passing
3. Get the spec for `AccessTokenValidationService` passing

Implement review comments from @dbalexandre for !12300.

Implement review comments from @DouweM for !12300.

- Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]`
- Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`.

Extract a `Gitlab::Scope` class.

- To represent an authorization scope, such as `api` or `read_user`
- This is a better abstraction than the hash we were previously using.

`AccessTokenValidationService` accepts `String` or `API::Scope` scopes.

- There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`.

Fix build for !12300.

- The `/users` and `/users/:id` APIs are now accessible without authentication (!12445), and so scopes are not relevant for these endpoints.
- Previously, we were testing our scope declaration against these two methods. This commit moves these tests to other `GET` user endpoints which still require authentication.
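The commit above describes the mechanism in words: scopes declared at class level, some of them guarded by an `if` condition on the request, global scopes from `API::API` merged in by the caller, and a validation service that filters out non-applicable scopes with `select` before checking the token. The following is an added, self-contained example written for this page to show that filtering step end to end; it is not GitLab's `AccessTokenValidationService` or `API::Scope`, and the names `Scope`, `Request`, `AccessTokenValidator`, `USERS_SCOPES` and `check` are assumptions chosen for illustration.

```ruby
# Added example, not GitLab code: a minimal model of conditional API scope
# verification. All class and method names here are assumptions.

# An authorization scope such as `api` or `read_user`. The optional `if`
# condition receives the request and decides whether this scope applies.
Scope = Struct.new(:name, :if) do
  def applies_to?(request)
    self.if.nil? || self.if.call(request)
  end
end

# Constructed stand-in for a request object; only what the condition needs.
Request = Struct.new(:method, :path) do
  def get?
    method == 'GET'
  end
end

class AccessTokenValidator
  VALID              = :valid
  INSUFFICIENT_SCOPE = :insufficient_scope
  REVOKED            = :revoked
  EXPIRED            = :expired

  # `token` is a Hash with :scopes, :expired, :revoked (constructed format).
  # `request` is optional, mirroring the auth.rb call site that has none.
  def initialize(token, request: nil)
    @token = token
    @request = request
  end

  # `scopes` lists scopes any one of which grants access to the endpoint.
  # Accepts plain Strings/Symbols (unconditional) or Scope structs.
  # Global scopes (e.g. `api`) must be included by the caller; endpoint
  # classes do not inherit them.
  def validate(scopes: [])
    return EXPIRED if @token[:expired]
    return REVOKED if @token[:revoked]
    return VALID if scopes.empty? # no scope restriction declared

    # Normalise to Scope structs, then keep only scopes whose :if condition
    # holds for this request (select, not reject).
    applicable = scopes.map { |s| s.is_a?(Scope) ? s : Scope.new(s, nil) }
                       .select { |s| s.applies_to?(@request) }

    # A read-only scope on a POST leaves nothing applicable: deny.
    return INSUFFICIENT_SCOPE if applicable.empty?

    token_scopes = @token[:scopes].map(&:to_s)
    granted = applicable.any? { |s| token_scopes.include?(s.name.to_s) }
    granted ? VALID : INSUFFICIENT_SCOPE
  end
end

# Declarations as a users endpoint would make them: the global `api` scope
# plus `read_user`, which only applies to GET requests.
GLOBAL_SCOPES = [Scope.new(:api, nil)].freeze
USERS_SCOPES  = (GLOBAL_SCOPES + [Scope.new(:read_user, ->(req) { req.get? })]).freeze

# Validate a constructed token carrying `token_scopes` against the users
# endpoint for the given HTTP method.
def check(token_scopes, http_method)
  token = { scopes: token_scopes, expired: false, revoked: false }
  request = Request.new(http_method, '/api/v4/users/1')
  AccessTokenValidator.new(token, request: request).validate(scopes: USERS_SCOPES)
end

if __FILE__ == $PROGRAM_NAME
  p check([:read_user], 'GET')   # read_user applies to GET: valid
  p check([:read_user], 'POST')  # read_user filtered out on POST: insufficient_scope
  p check([:api], 'POST')        # global api scope is unconditional: valid
end
```

The point the example makes explicit is that the `if` condition is evaluated against the request before the token is consulted at all: a token holding only `read_user` passes on `GET` but is refused on `POST`, while the unconditional global `api` scope passes for either method.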
-
- 04 Jul, 2017 37 commits
-
-
Douwe Maan authored
Check license for milestones on issue boards Closes #2568 See merge request !2315
-
Douwe Maan authored
Introduce namespace license checks for Push Rules (EES) Closes #2573 See merge request !2335
-
Marcia Ramos authored
Clarify when Code Quality shows in MR widget Closes #2782 See merge request !2298
-
Douwe Maan authored
Namespace license checks Issue & MR template Closes #2580 See merge request !2321
-
Nick Thomas authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
And separate EE/CE for board.rb
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Timothy Andrew authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Douwe Maan authored
Introduce namespace license checks for merge request approvers (EES) Closes #2566 See merge request !2324
-
Douwe Maan authored
# Conflicts:
#	app/models/license.rb
-
Douwe Maan authored
Hide Focus mode button if feature not available in license Closes #2569 See merge request !2303
-
Douwe Maan authored
Namespace license checks for Contribution Analytics (EES) Closes #2579 See merge request !2302
-
Rémy Coutable authored
Fix EE conflicts for "Allow unauthenticated access to the `/api/v4/users` API" See merge request !2247
-
Timothy Andrew authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Toon Claes authored
When the Issuable Default Template feature is not available, do not show the input form to configure the Issue & MR templates on the Settings page.
-
Toon Claes authored
Only when the Issuable Default Templates feature is available, fill in the description from settings when building a new MR.
-
Toon Claes authored
Only when the license allows Issuable Default Templates, set the issue description when building an Issue. Do this by splitting out EE-specific features into EE::Issues::BuildService. And also split up spec files.
-
Toon Claes authored
-
Timothy Andrew authored
- Don't use `request.env['omniauth.params']` if it isn't present. - Remove the `saml` section from the `gitlab.yml` test section. Some tests depend on this section not being initially present, so it can be overridden in the test. This MR doesn't add any tests for SAML, so we didn't really need this in the first place anyway. - Clean up the test -> omniauth section of `gitlab.yml`
-
Timothy Andrew authored
- Disable an ESLint check rather than work around it (by converting `OAuthRememberMe` from a regular class to a static class). - Scope `$` calls inside `OAuthRememberMe`
-
Timothy Andrew authored
- Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes
-
Timothy Andrew authored
- The test for `rake gitlab:env:info` executed the rake task, which mutated the list of omniauth providers, breaking subsequent tests relying on this list. - I've changed the rake task to duplicate the providers list before modifying it.
-
Timothy Andrew authored
-
Timothy Andrew authored
-
Timothy Andrew authored
- I tried to get this to work by stubbing out portions of the config within the test. This didn't work as expected because Devise/Omniauth loaded before the stub could run, and the stubbed config was ignored. - I attempted to fix this by reloading Devise/Omniauth after stubbing the config. This successfully got Devise to load the stubbed providers, but failed while trying to access a route such as `user_gitlab_omniauth_authorize_path`. - I spent a while trying to figure this out (even trying `Rails.application.reload_routes!`), but nothing seemed to work. - I settled for adding this config directly to `gitlab.yml` rather than go down this path any further.
-
Timothy Andrew authored
- Added saml, authentiq, cas3, and auth0 - Crowd seems to be a special case that will be handled separately.
-
Timothy Andrew authored
-
Timothy Andrew authored
-