Raise the permissions of the group-level APIs to owner

🚨 Please remove confidentiality from this issue when #364441 (closed) gets released!

In #364441 (closed) we identified a discrepancy between the UI & the API Group Owners / administrators permission for package and registries settings.

Context

Currently, the docs show that maintainers should have the ability to change these settings: https://docs.gitlab.com/ee/user/permissions.html#group-members-permissions

We recently updated the GraphQL/API permissions to be maintainer from developer to conform with the frontend. It looks like we got mixed up somewhere in #350682 (closed) and #322055 (closed) and the UI has required owner all along.

Access to the settings tab, & therefore Packages & Registry settings on the left side is available only for group owners (they have :admin_group set on their group policy) and the same check is made if the user tries to visit the URL directly. So maintainers don't have access to this UI.

Proposed solution

Raise the permissions of the group-level APIs to owner.

The note warning of the deprecation in GraphQL should be removed.

Relates to #364441 (closed)

Breaking change tasks

Affected Topology

This affects Self-Managed users of GitLab.

Affected Tier

All tiers are affected.

  • Free
  • Premium
  • Ultimate

Checklists

Labels

  • This issue is labeled deprecation, and with the relevant ~devops::, ~group::, and ~Category: labels.
  • This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.

Timeline

Please add links to the relevant merge requests.

Mentions

  • Your stage's stable counterparts have been @mentioned on this issue. For example, Customer Support, Customer Success (Technical Account Manager), Product Marketing Manager: @heather.
    • To see who the stable counterparts are for a product team visit product categories
      • If there is no stable counterpart listed for Sales/CS please mention @timtams
      • If there is no stable counterpart listed for Support please mention @gitlab-com/support/managers
      • If there is no stable counterpart listed for Marketing please mention @cfoster3
  • Your GPM @jreporter has been @mentioned so that they are aware of planned deprecations. The goal is to have reviews happen at least two releases before the final removal of the feature or introduction of a breaking change.

Deprecation Milestone

15.8

Planned Removal Milestone

16.0

Edited by Michelle Torres