Explicitly check READ permission when processing a git push

Git pushes for review require PUSH (create change) permission. They
did also always require READ permission, though, that was not checked
explicitly. READ permission was required, because we'd only consider
refs that the user can read as 'uninteresting' when traversing the
pushed commit chain to find commits we want to turn into changes.

Not having READ permission  means, Gerrit finds way more commits than
are actually new and then checks if the user has FORGE_AUTHOR permission
because Gerrit thinks they are uploading a commit from someone else. That
would then fail and leave the user with a cryptic error message.

While we could fix that on it's own, it seems way more robust to just
also check for READ permission when processing a push.

Change-Id: Ic3b433799d4dae3a5b8ac61f42fa3d47fdbb3d68

java/com/google/gerrit/server/git/receive/ReceiveCommits.java

@@ -1839,7 +1839,9 @@ class ReceiveCommits {
       magicBranch.perm = permissions.ref(ref);
 
       Optional<AuthException> err =
-          checkRefPermission(magicBranch.perm, RefPermission.CREATE_CHANGE);
+          checkRefPermission(magicBranch.perm, RefPermission.READ)
+              .map(Optional::of)
+              .orElse(checkRefPermission(magicBranch.perm, RefPermission.CREATE_CHANGE));
       if (err.isPresent()) {
         rejectProhibited(cmd, err.get());
         return;