Include parent project users when creating a sandbox

[midigofrank]

Description

When creating sandboxes, copy over parent project's users as well. All users maIntain their roles except for owner who now becomes an admin.

Closes #3761

Validation steps

1. Visit the sandboxes page for a project, i.e, http://localhost:4000/projects/<your-project-id>/sandboxes
2. Click to create a new sandbox. Fill in the form in the modal and submit
3. In the sandbox project settings, verify that all users have been included with their roles.
4. Also verify a case where the the owner of the parent project is not you (current user). Check that the parent owner is added as an admin

AI Usage

Please disclose whether you've used AI anywhere in this PR (it's cool, we just
want to know!):

• I have used Claude Code
• I have used another model
• I have not used AI

You can read more details in our
Responsible AI Policy

Pre-submission checklist

• I have performed an AI review of my code (we recommend using /review
  with Claude Code)
• I have implemented and tested all related authorization policies.
  (e.g., :owner, :admin, :editor, :viewer)
• I have updated the changelog.
• I have ticked a box in "AI usage" in this PR

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.33%. Comparing base (d93407f) to head (1508f21).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4359      +/-   ##
==========================================
- Coverage   89.37%   89.33%   -0.05%     
==========================================
  Files         425      425              
  Lines       20009    20014       +5     
==========================================
- Hits        17883    17879       -4     
- Misses       2126     2135       +9     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[midigofrank]

Hey @josephjclark , when you have some time could you help click test this?

[josephjclark]

@midigofrank I'll test this out for you tomorrow (got a bit distracted today)

[josephjclark]

Ok @midigofrank there's some weird stuff going on here. We might want to spin this out into more issues, but if the fixes are small maybe we can sneak it all in.

These issues all exist on main:

1. When logging in with the demo viewer and superuser accounts, I don't seem to have a Sandboxes page at all, on any projects, not even new projects I create. I created a new user on staging just to check it out and I and the same problem there - my staging user didn't have a Sandboxes menu item. The /sandboxes URL works in both cases
2. When I go to the /sandbox page, I seem to see all sandboxes associated with the project - regardless of whether I have access or not. I'd expect to only see projects I can access here. When I click the project, I get a "Not Found" error.

And on this branch, one problem directly related to the OG issue:
3. If support access is enabled on the parent project, when I create a new sandbox, support access is gets lost

The good news is that, on this branch, new sandboxes will now clone the access rules of the parent project. So that bit's working nicely.

I think we should fix 3 here and spin 1 and 2 out into new issues?