Slice 13 — Private vs public repos with basic permission checks #13

@safayavatsal

Description

What to build

Repository visibility — public and private — with permission checks consistently applied across web UI, HTTPS Git, and SSH Git.

  • Repository creation form (slice 3) gains a visibility toggle.
  • Repository settings page allows changing visibility after creation (with confirmation).
  • PermissionChecker is extended:
    • Public repo: anyone (signed in or not) can read; only the owner can push.
    • Private repo: only the owner can read or push; everyone else gets 404 (not 403, to avoid leaking existence).
  • Web UI lists Repositories the viewer is allowed to see; private repos owned by others are not enumerated.
  • Git transport (HTTPS and SSH) returns clean errors when a user attempts an unauthorized action.
  • The Issue and PR pages on a private repo are gated by the same check.

Acceptance criteria

  • A public Repository is browsable and clonable while signed out.
  • A private Repository returns 404 to non-owners on web, HTTPS, and SSH paths.
  • The owner can flip visibility from public → private and immediately the repo becomes inaccessible to others.
  • PermissionChecker table-driven tests cover the matrix (actor: anonymous|stranger|owner) × (visibility: public|private) × (action: read|push).
  • Issue and PR pages on a private repo are gated identically to repo pages.

Blocked by

    Labels

      • afk: Implementable without architectural decisions
      • ready-for-agent: Triaged and ready for an AFK agent to pick up
      • tracer-bullet: Vertical slice through all integration layers

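The permission matrix from the acceptance criteria, written out as a table-driven check. This is an added example in Go, not code from this repository: `Check`, `Repo`, `Decision` and the `Forbidden` result for a denied push to a public repo are assumptions, since the issue specifies 404 only for private repos and does not give the PermissionChecker API.

```go
package main

import "fmt"

// Hypothetical names throughout: the issue names PermissionChecker but not its API.
type Decision string

const (
	Allow     Decision = "allow"
	Forbidden Decision = "forbidden" // assumed answer for a denied push to a public repo
	NotFound  Decision = "not-found" // identical to the answer for a nonexistent repo
)

type Repo struct {
	OwnerID int64
	Private bool
}

// Check decides one request; actorID 0 means anonymous (signed out).
func Check(actorID int64, repo Repo, action string) Decision {
	switch {
	case actorID != 0 && actorID == repo.OwnerID:
		return Allow
	case repo.Private:
		return NotFound // never Forbidden, which would confirm the repo exists
	case action == "read":
		return Allow
	}
	return Forbidden // fail closed: push, and any unrecognized action
}

// Matrix: one row per (visibility, action); columns are anonymous=0, stranger=2, owner=1 (constructed IDs).
var Matrix = []struct {
	ActorID int64
	Private bool
	Action  string
	Want    Decision
}{
	{0, false, "read", Allow}, {2, false, "read", Allow}, {1, false, "read", Allow},
	{0, false, "push", Forbidden}, {2, false, "push", Forbidden}, {1, false, "push", Allow},
	{0, true, "read", NotFound}, {2, true, "read", NotFound}, {1, true, "read", Allow},
	{0, true, "push", NotFound}, {2, true, "push", NotFound}, {1, true, "push", Allow},
}

func main() {
	for _, c := range Matrix {
		got := Check(c.ActorID, Repo{OwnerID: 1, Private: c.Private}, c.Action)
		fmt.Printf("actor=%d private=%-5v %-4s want=%-9s got=%s\n", c.ActorID, c.Private, c.Action, c.Want, got)
	}
}
```

Routing the web, HTTPS Git, SSH Git, Issue and PR handlers through one function like this is what keeps the 404 behaviour identical on every path; the `actorID != 0` guard stops an anonymous request from matching a repo whose owner field is unset.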