[Secure RBAC] Add shared_qos_policy rule

For shared QoS policies we need to have additional rule which will allow
to list shared policies for projects which aren't owners of the QoS
policy.

Closes-bug: #2004013
Closes-bug: #2004014
Change-Id: I593896ab087e3d916b10d7d5f6b22b501060b934

neutron/conf/policies/qos.py

@@ -21,9 +21,16 @@ The QoS API now supports project scope and default roles.
 
 
 rules = [
+    policy.RuleDefault(
+        'shared_qos_policy',
+        'field:policies:shared=True',
+        description='Rule of shared qos policy'),
     policy.DocumentedRuleDefault(
         name='get_policy',
-        check_str=base.ADMIN_OR_PROJECT_READER,
+        check_str=base.policy_or(
+            base.ADMIN_OR_PROJECT_READER,
+            'rule:shared_qos_policy'
+        ),
         scope_types=['project'],
         description='Get QoS policies',
         operations=[