Audit events for project and group export download
About
Similarly to Add audit events for project and group imports ... (#441977 - closed):
In https://gitlab.com/gitlab-org/gitlab/-/issues/294168 we are adding some new audit events for project and group exports, but the audit events are incomplete (see https://gitlab.com/gitlab-org/gitlab/-/issues/294168#note_1773591288).
This issue is to add the missing audit events.
Proposal
Observe Silent Admin Exports setting
IMPORTANT: Every audit event added in this issue must not be created if the Silent Admin Export setting has been enabled for the instance (`Gitlab::CurrentSettings.silent_admin_exports_enabled?`) and the user is an admin.
See !152143 (merged) for an example implementation of skipping audit creation due to Silent Admin Export checks, when the audit is created in the request.
When the audit event is created in Sidekiq, `User#can_admin_all_resources?` can return false because of admin mode: in the context of a Sidekiq worker the check can fail even though the user was operating as an admin in the request. For audit events created within workers we will need to implement a similar mechanism of passing a new param to the worker (or persisting this value somewhere); examples of both are in !151278 (merged). Note this information is being verified in this Slack thread (internal, good for 90 days).
New audit events
- Add new audit events for Importer:Project Export/Import:
  - Project export is downloaded through API (note, there is an existing audit event for when the project export is downloaded through the UI, the API download can use that same one).
  - Group export is downloaded through both UI or API (note, unlike project export there is currently no audit event for group export, so we need to make a new one and generate the audit for both UI and API download).
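The worker caveat in "Observe Silent Admin Exports setting", as an added example that is not GitLab's code or the implementation in !152143 or !151278: it shows why the silent-export decision has to be captured in the request and passed to the job. Assumptions: `Settings`, `User`, `AUDIT_LOG`, the thread-local admin-mode flag and the worker are constructed stand-ins, and the job runs in-process instead of on Sidekiq; only the two predicate names come from the issue.

```ruby
# Constructed stand-ins for illustration; these are not GitLab's classes.
module Settings
  class << self
    attr_accessor :silent_admin_exports
    def silent_admin_exports_enabled?
      silent_admin_exports == true
    end
  end
end

class User
  attr_reader :name
  def initialize(name, admin:)
    @name = name
    @admin = admin
  end

  # Models admin mode: elevation belongs to the web session, so the check is
  # only true while a request with admin mode is active.
  def can_admin_all_resources?
    @admin && Thread.current[:admin_mode_session] == true
  end
end

AUDIT_LOG = []

def with_admin_mode_request
  Thread.current[:admin_mode_session] = true
  yield
ensure
  Thread.current[:admin_mode_session] = nil
end

def silent_export?(user)
  Settings.silent_admin_exports_enabled? && user.can_admin_all_resources?
end

# Hypothetical worker. `silent` is the value captured in the request; when it
# is nil the worker re-evaluates the check itself, which is the failing pattern.
def export_worker(user, silent: nil)
  silent = silent_export?(user) if silent.nil?
  AUDIT_LOG << "#{user.name}: export audit event" unless silent
end

# Request side: decide while admin mode is active, then run the job afterwards.
def run_scenario(user, pass_flag:)
  AUDIT_LOG.clear
  flag = with_admin_mode_request { pass_flag ? silent_export?(user) : nil }
  export_worker(user, silent: flag) # executes outside the request context
  AUDIT_LOG.dup
end
```

With the setting enabled, `run_scenario(admin, pass_flag: false)` still records an event because the worker-side check sees no admin-mode session, while `pass_flag: true` suppresses it as the issue requires.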