Backport of [bugfix, ui] Allow running jobs from a namespace-limited token into release/1.3.x

[hc-github-team-nomad-core]

Backport

This PR is auto-generated from #13659 to be assessed for backporting due to the inclusion of the label backport/1.3.x.

The below text is copied from the body of the original PR.

---

Currently, there are a few things preventing a user from running a new job via the UI, in an environment where their ACL token has limited namespace abilities:

1. We had previously tied the "Run job" button to an ability that depended on the current namespace. However, this means that your ability to run a job is dependent on filtering your jobs index table, which is pretty confusing to an end-user. Worse, if you don't have any jobs currently running, you don't get any option to set this namespace filter at all.
   • The abilities/job can run ability now looks at all abilities across all namespaces within your policy. This means there's a chance you submit a job for which you don't have write permissions, but good news: it gets caught at several steps along the way upon submission. It's better to not restrict access to this editor and this change reflects that.
2. If you did somehow manage to make it to the /run page, ever since 1.2.6, Nomad job parsing requires an ACL token but namespaces have never been sent along with that request. Thus, if you had * { read } and myNamespace { write }, it would try to parse your job without a namespace and return a 403.
   • This is a pretty circular issue: the thing that let us determine the namespace of a job was the /parse request. But now that that parse request is conditional upon the namespace... you get where this is going.
   • So, we could try to move the parse() functionality into the browser, which comes with a lot of its own chance for error (Job HCL parsing within the Nomad UI doesn't sound like something we should be doing). Instead, this PR opts to include a Namespaces dropdown on the job/run UI. It uses this when passing the job to /parse.
     ^--- great news update: Turns out we don't need to parse the namespace, we just need a namespace. All other things being equal, a POST to /parse will 403 but /parse?namespace=* will 20x.

Side-effect: Includes better error messaging for ACL permission errors upon job submission.

[github-actions]

Ember Test Audit comparison

	release/1.3.x	184eb6d	change
passes	1287	1288	+1
failures	2	2	0
flaky	0	0	0
duration	000ms	000ms	-000ms

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.