Allow GraphQL requests without CSRF token

Closes #57237

See merge request gitlab-org/gitlab-ce!25719

Document ChatOps for actor feature gates

See merge request gitlab-org/gitlab-ce!25815

Quarantine CI variable support spec

See merge request gitlab-org/gitlab-ee!9882

Quarantine failing ssh key test

See merge request gitlab-org/gitlab-ce!25813

Quarantine: Update failure issue link

See merge request gitlab-org/gitlab-ce!25811

The documentations only covered the percentage based feature gates.
These don't work really well for a number of reasons, for example; a new
visual element in GitLab would be weird to see only 25% of the time.

Allowing feature gates based on projects and groups has been supported,
now it's documented.

CE backport of ee-parallel-diff-view

See merge request gitlab-org/gitlab-ce!25734

Fix EE differences in parallel_diff_view.vue

Closes #10007

See merge request gitlab-org/gitlab-ee!9825

With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.

Re-add gitlab:ui:visual ci job

Closes gitlab-ui#192

See merge request gitlab-org/gitlab-ce!25808

These adjustments make sure our GraphQL helpers support rendering
queries for empty fields like this:

      {
        echo(text: "Hello world")
      }

Instead of like this:

     {
       echo(text: "Hello world") {
       }
     }

The latter would be an invalid query, causing parsing errors.

Making review-performance run on master in scheduled runs

Closes #57881

See merge request gitlab-org/gitlab-ce!25757

PUT MergeRequest API endpoint - accept labels as an array

See merge request gitlab-org/gitlab-ce!19914

Expose merge request entity for pipelines

See merge request gitlab-org/gitlab-ce!25679

Resolve "Introduce zoom and scroll functionality on metrics charts"

Closes #57085

See merge request gitlab-org/gitlab-ce!25388

Adds the ability to change data zoom for metrics graphs

Resolve "Limit Group Security Dashboard to selected types of vulnerabilities"

Closes #9393

See merge request gitlab-org/gitlab-ee!9626

Allow protected branch creation via web and API

Closes #53361

See merge request gitlab-org/gitlab-ce!24969

This commit includes changes to add `UserAccess#can_create_branch?`
which will check whether the user is allowed to create a branch even
if it matches a protected branch.

This is used in `Gitlab::Checks::BranchCheck` when the branch name
matches a protected branch.

A `push_to_create_protected_branch` ability in `ProjectPolicy` has been
added to allow Developers and above to create protected branches.

Use optional encryption strategy for Runners Tokens

Closes #54859

See merge request gitlab-org/gitlab-ce!25532

This makes code to support encrypted runner tokens.
This code also finished previously started encryption
process.

EE: Use optional encryption strategy for Runners Tokens

See merge request gitlab-org/gitlab-ee!9841

Fix object storage link in doc

See merge request gitlab-org/gitlab-ce!25791

CE FE Add PersistentUserCallout factory method

See merge request gitlab-org/gitlab-ce!25481