Merge commit from fork
- When using a form we were checking that only admin users can import projects,
but that was done in the frontend, so it was easy to bypass that
restriction.
- When using API V3, we were not doing any checks at all.
Ref https://github.com/readthedocs/readthedocs.org/security/advisories/GHSA-rmqq-mq6q-8hpg
