Enforce that All-Users must inherit from All-Projects

For groups in NoteDb, we manage group ownership through permissions on
the group ref. During the migration, we prevent the mutation of
Gerrit-managed permissions for group refs to ensure the ReviewDb and
NoteDb data does not get out of sync.

These enforcements are in place for All-Users and All-Projects. To
prevent users from changing these properties by inheritance, we enforce
a fixed inheritance of All-Users <= All-Projects.

In addition, this commit adds a schema migration to migrate wrong
inheritance.

Change-Id: Id8e4f957d316cf401463dcce2042e604e19037bd
Patrick Hiesel
2017-11-07 13:24:20 +01:00
parent b4a4c58120
commit 14959d1542
10 changed files with 258 additions and 13 deletions

@@ -27,6 +27,7 @@ import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.common.errors.PermissionDeniedException;
import com.google.gerrit.common.errors.UpdateParentFailedException;
import com.google.gerrit.extensions.restapi.AuthException;
import com.google.gerrit.extensions.restapi.BadRequestException;
import com.google.gerrit.extensions.restapi.ResourceConflictException;
import com.google.gerrit.extensions.restapi.UnprocessableEntityException;
import com.google.gerrit.httpd.rpc.Handler;
@@ -189,7 +190,7 @@ public abstract class ProjectAccessHandler<T> extends Handler<T> {
+ "not an administrator. You may save the modifications for review "
+ "so that an administrator can approve them.",
e);
} catch (ResourceConflictException | UnprocessableEntityException e) {
} catch (ResourceConflictException | UnprocessableEntityException | BadRequestException e) {
throw new UpdateParentFailedException(e.getMessage(), e);
}
config.getProject().setParentName(parentProjectName);
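Review bot: the widened multi-catch in ProjectAccessHandler now folds BadRequestException into UpdateParentFailedException, carrying over only e.getMessage(), so a caller cannot distinguish a rejected parent (presumably the fixed All-Users <= All-Projects rule the commit message describes) from a conflict or an unprocessable-entity failure. Since that message is the only thing that reaches the user, the code that throws BadRequestException should name the violated inheritance rule in it. The throwing side is not visible in this hunk, so a short comment on the catch saying which call raises the new exception type would also help the next reader.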