configure-projects: set build_access_level to private
I was going through policy stuff here: https://www.mediawiki.org/wiki/GitLab/Policy#Permissions ...and noticed we'd written this: > The "Pipelines" setting in public namespaced projects should be > set to "Only Project Members". This ensures that only project > members with Reporter privileges are able to run tests on a > particular project. I believe that's what's now under Project -> Settings -> Visibility, project features, permissions -> CI/CD. I'm not _totally_ sure what effect this has, so I guess we'll need to experiment here, and may want to make it optional on a per-project basis. This also makes the project settings updates only do a single write per changed project. The project configuration stuff should be rolled into the `settings` CLI elsewhere in this repo, but I'll save that for a later MR.