Have the fetch tag dialog show a warning for robot accounts without access

Before this change, we'd show the squash pulling command with the proper credentials, but it then 403s on the end user.

data/model/legacy.py

@@ -1201,6 +1201,12 @@ def update_email(user, new_email, auto_verify=False):
 
 
 def get_all_user_permissions(user):
+  return _get_user_repo_permissions(user)
+
+def get_user_repo_permissions(user, repo):
+  return _get_user_repo_permissions(user, limit_to_repository_obj=repo)
+
+def _get_user_repo_permissions(user, limit_to_repository_obj=None):
   UserThroughTeam = User.alias()
 
   base_query = (RepositoryPermission
@@ -1211,6 +1217,9 @@ def get_all_user_permissions(user):
                 .join(Namespace, on=(Repository.namespace_user == Namespace.id))
                 .switch(RepositoryPermission))
 
+  if limit_to_repository_obj is not None:
+    base_query = base_query.where(RepositoryPermission.repository == limit_to_repository_obj)
+
   direct = (base_query
             .clone()
             .join(User)