Enable read_runner custom ability when user has read_runners ability on the owning group/project

The read_runner custom ability is enabled on a runner when the user has the read_runners (plural) custom ability on the runner's assigned projects or groups. This is currently done through the Authz::CustomAbility module, which checks if the given resource is a Ci::Runner. However, custom abilities are assigned through custom roles in a project or a group (i.e. through project/group membership or group/project sharing), so handling the Ci::Runner type in the Authz::CustomAbility module is inappropriate.

TODO

  • Remove handling of Ci::Runner resource types from Authz::CustomAbility
  • Update RunnerPolicy to delegate the check of whether the current user has the read_runners ability on the runner's owning project/group to ProjectPolicy or GroupPolicy, depending on the type of the runner
Edited by Eugie Limpin
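
The delegation described in the TODO, as an added sketch that is not GitLab's code: the policy class names follow the issue, but their bodies, the Member/Container/Runner structs and the runner_type symbols are simplified assumptions, and the real policy framework is not used. It shows the runner policy holding no custom-ability logic of its own and denying any runner type it has no owning container policy for.

```ruby
# Hypothetical stand-ins; none of these are GitLab's real classes.
Member    = Struct.new(:user, :abilities)   # custom role attached to a membership
Container = Struct.new(:members) do         # shared shape of a project or group
  def abilities_for(user)
    members.select { |m| m.user == user }.flat_map(&:abilities)
  end
end
Project = Class.new(Container)
Group   = Class.new(Container)
Runner  = Struct.new(:runner_type, :owners) # owners: assigned projects or groups

# The container policy is the only place that resolves custom abilities,
# because custom roles are granted on projects and groups, not on runners.
class ContainerPolicy
  def initialize(user, container)
    @user = user
    @container = container
  end

  def can?(ability)
    @container.abilities_for(@user).include?(ability)
  end
end
ProjectPolicy = Class.new(ContainerPolicy)
GroupPolicy   = Class.new(ContainerPolicy)

class RunnerPolicy
  def initialize(user, runner)
    @user = user
    @runner = runner
  end

  # read_runner (singular, on the runner) is derived from read_runners
  # (plural, on an owning project or group) by asking that container's policy.
  def can?(ability)
    return false unless ability == :read_runner

    policy_class = case @runner.runner_type
                   when :project_type then ProjectPolicy
                   when :group_type   then GroupPolicy
                   end
    return false if policy_class.nil? # assumed: other runner types are denied here

    @runner.owners.any? { |owner| policy_class.new(@user, owner).can?(:read_runners) }
  end
end
```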