Ensure attributes that end in `_ids` are cleaned

This prevents an issue where you can steal other projects objects by
asking for ids that don't belong to you in import.

lib/gitlab/import_export/attribute_cleaner.rb

@@ -4,7 +4,7 @@ module Gitlab
   module ImportExport
     class AttributeCleaner
       ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id]
-      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_html\Z/).freeze
+      PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
 
       def self.clean(*args)
         new(*args).clean