This changes the permission check so it uses the policy on Noteable
instead of Project. This prevents bypassing of rules defined in
Noteable for locked discussions and confidential issues.
Also rechecks permissions when reply_to_discussion_id is provided since the
discussion_id may be from a different noteable.
**Why?**
The previous behavior had resolved discussions being unresolved
when commented on. This was strange UX, especially since there
is a separate button for "Comment & unresolve discussion".
https://gitlab.com/gitlab-org/gitlab-ce/issues/24128
**Note:**
- Also adds changelog
* adds basic discussions API for issues and snippets
* reorganizes notes specs (so same tests can be used for all noteable types - issues, MRs, snippets)
