Previously the auditor user was unable to access a project
repository for public/internal projects with the repository
visibility set to 'only project members'. This change allows
the project policy to respect the :read_all_resources ability
for admins and auditors to allow all private features to be
accessible.