allow challenge leader/owner to view/join/modify challenge in private group they've left - fixes #9753 (#10606)

* rename hasAccess to canJoin for challenges

This is so the function won't be used accidentally for other
purposes, since hasAccess could be misinterpretted.

* add isLeader function for challenges

* allow challenge leader to join/modify/end challenge when they're not in the private group it's in

* delete duplicate test

* clarify title of existing tests

* add tests and adjust existing tests to reduce privileges of test users

* fix lint errors

* remove pointless isLeader check (it's checked in canJoin)

test/api/v3/integration/challenges/POST-challenges.test.js

@@ -94,16 +94,6 @@ describe('POST /challenges', () => {
       });
     });
 
-    it('returns an error when non-leader member creates a challenge in leaderOnly group', async () => {
-      await expect(groupMember.post('/challenges', {
-        group: group._id,
-      })).to.eventually.be.rejected.and.eql({
-        code: 401,
-        error: 'NotAuthorized',
-        message: t('onlyGroupLeaderChal'),
-      });
-    });
-
     it('allows non-leader member to create a challenge', async () => {
       let populatedGroup = await createAndPopulateGroup({
         members: 1,