feat(RHINENG-23947): Add Kessel perms

[mtclinton]

Integrate Kessel permission checks behind the
patch-frontend.kessel-enabled feature flag.

When Kessel is enabled, permission checks use the
Kessel SDK (useSelfAccessCheck) against workspace
resources instead of RBAC v1. When disabled,
behavior is unchanged.

Permission mapping (from patch.ksl):

• patch:*:read -> patch_system_view
• patch:: -> patch_system_edit
• patch:template:write -> patch_template_edit

Description

RHINENG-23947

Please include a summary of the change, what this fixes/creates/improves.
-Integrate Kessel permission checks behind the
patch-frontend.kessel-enabled feature flag.

• Add AccessCheck.Provider and QueryClientProvider
• Add usePermissionCheck hook toggling RBAC v1/Kessel
• Add useKesselWorkspaces using fetchDefaultWorkspace
  from @project-kessel/react-kessel-access-check SDK
• Use getKesselAccessCheckParams from FEC utilities
• Map patch RBAC v1 permissions to Kessel relations
• Replace usePermissionsWithContext in Routes,
  WithPermission, SystemsTable, PatchSet, and
  PatchSetDetail with usePermissionCheck
• Add useFeatureFlag and useKesselFeatureFlag hooks
• Add test mocks for Kessel SDK and permission hooks

How to test the PR

Please include steps to test your PR.

Before the change

After the change

Dependent work link

Checklist:

• The commit message has the Jira ticket linked
• PR has a short description
• Screenshots before and after the change are added
• Tests for the changes have been added
• README.md is updated if necessary
• Needs additional dependent work

[codecov-commenter]

Codecov Report

❌ Patch coverage is 1.85185% with 53 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.30%. Comparing base (f4a7c82) to head (4d783ae).
⚠️ Report is 5 commits behind head on master.

Files with missing lines	Patch %	Lines
src/Utilities/hooks/usePermissionCheck.js	0.00%	18 Missing and 6 partials ⚠️
src/Utilities/hooks/useKesselWorkspaces.js	0.00%	15 Missing and 3 partials ⚠️
...ationalComponents/WithPermission/WithPermission.js	0.00%	2 Missing and 3 partials ⚠️
src/index.js	0.00%	3 Missing and 2 partials ⚠️
src/Routes.js	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1521      +/-   ##
==========================================
- Coverage   73.67%   72.30%   -1.37%     
==========================================
  Files          97       99       +2     
  Lines        2359     2405      +46     
  Branches      666      677      +11     
==========================================
+ Hits         1738     1739       +1     
- Misses        551      586      +35     
- Partials       70       80      +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[LightOfHeaven1994]

Found few things to fix, otherwise I think it looks good. I wasn't able to test it properly because patchman backend times out

[mtclinton]

Thanks for the review @LightOfHeaven1994 , working on testing this now

[LightOfHeaven1994]

PR looks good to me 👍

I don't know why playwright tests are failing. Seems in reality this app checks only read permissions. I see there is template:write permission but it's not really used as patch is divided to two GH repositories.

[TenSt]

lgtm

[mtclinton]

I pushed the fix to 'useAccessCheckContext must be used within an AccessCheckProvider' that other services were experiencing,
guess i need another review due to IBM source controls noww

[LightOfHeaven1994]

LGTM 👍