In CE only the admin has access to all private groups & projects. In EE also an
auditor can have full private access.

To overcome merge conflicts, or accidental incorrect access rights, abstract
this out in `User#full_private_access?`.

`User#admin?` now only should be used for admin-only features. For private
access-related features `User#full_private_access?` should be used.

Backported from gitlab-org/gitlab-ee!2199