feat(auth): Permissions for package repositories

[smiley8D]

Resolves #20596

Packages assigned to a non-organization repository will be set to private WebUI access if the repository is set to non-public access. For the API, this also applies at least to OCI images. This is a limited solution to the attached issue, but I provides the vast majority of requested changes (based on posted issues) without requiring as many code changes.

A couple of limitations/things to consider:

• Packages do not inherit the full permission settings of a repo on attachment. Repo permission settings are significantly more complex and can involve teams, granular permissions, etc. This PR only considers if the repository is marked public or not.
• If the repository is non-public, the package is only accessible by the package owner. I did not want to make decisions about cases where packages are attached to repos with different owner or if repo ownership changes.
• Packages are still listed if a user's profile is public. This would likely require larger code changes.
• API only enforces for OCI packages. This appears to be the most requested use case.
• Needs testing for non-v2 API routes, but I only used the docker CLI client so was not able to confirm packages are unreachable on other API routes.

[GiteaBot]

@smiley8D I noticed you've updated the locales for non-English languages. These will be overwritten during the sync from our translation tool Crowdin. If you'd like to contribute your translations, please visit https://crowdin.com/project/gitea. Please revert the changes done on these files. 🍵

[GiteaBot]

@smiley8D I noticed you've updated the locales for non-English languages. These will be overwritten during the sync from our translation tool Crowdin. If you'd like to contribute your translations, please visit https://crowdin.com/project/gitea. Please revert the changes done on these files. 🍵