Diffusion Comm ca89fed1e5ec

[lib] Remove descendantJoinThread from knowOfSecretChannelsPermissions

Description

[lib] Remove descendantJoinThread from knowOfSecretChannelsPermissions

Summary:
This prevents somebody who can see secret channels from joining a sidebar when they aren't a member of its parent.

Because of how our logic around containingThreadID works, it's important that we maintain the property that "if a user is a member of X thread with containingThreadID, it is also a member of containingThreadID".

As such, the permissions system is structured to always assign sidebar JOIN_THREAD permissions from the sidebar's parent.

In other words, we should never see JOIN_THREAD and DESCENDANT together without also having TOP_LEVEL (or OPEN_TOP_LEVEL).

Depends on D13017

Test Plan:
The whole stack was tested as follows:

  1. Unit tests from D9686, which toggle user-surfaced permissions on and off and make sure no difference is caught. This ensures that the original issue introduced in D9686 isn't reintroduced
  2. Careful review of each descendant permission removed in D9686
  3. Create a community as userA and add userB. Grant tagging permissions to all members. Make sure userB can tag inside non-root channels
  4. Do above, then create a channel without userB, and make sure userB can't tag there either (or do anything other than view). This is the repro described here
  5. Do above, but also create a thread inside the channel (as userA) and make sure userB can't do anything inside the thread other than view, until they join the parent channel

Reviewers: tomek, inka

Reviewed By: tomek

Differential Revision: https://phab.comm.dev/D13018
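The invariant stated in the summary (JOIN_THREAD with DESCENDANT must also carry TOP_LEVEL or OPEN_TOP_LEVEL) can be checked mechanically over a role's permission keys. The following is an added example, not part of the commit or of the Comm code base; the prefix strings, the key layout and the sample permission sets are assumptions constructed for illustration.

```javascript
// Prefix strings are assumptions constructed for this example; the commit
// message names only the concepts (DESCENDANT, TOP_LEVEL, OPEN_TOP_LEVEL).
const PROPAGATION = { DESCENDANT: 'descendant_', CHILD: 'child_' };
const FILTER = { OPEN_TOP_LEVEL: 'opentoplevel_', TOP_LEVEL: 'toplevel_', OPEN: 'open_' };
const JOIN_THREAD = 'join_thread';

// Strip the first matching prefix; returns [prefixName or null, remainder].
function takePrefix(key, table) {
  for (const [name, prefix] of Object.entries(table)) {
    if (key.startsWith(prefix)) return [name, key.slice(prefix.length)];
  }
  return [null, key];
}

// Parse "<propagation><filter><permission>" into its three parts.
function parsePermissionKey(key) {
  const [propagation, afterPropagation] = takePrefix(key, PROPAGATION);
  const [filter, permission] = takePrefix(afterPropagation, FILTER);
  return { propagation, filter, permission };
}

// Keys that grant JOIN_THREAD to descendants without a top-level filter,
// i.e. keys that would let a user join a sidebar without being in its parent.
function findInvariantViolations(permissionKeys) {
  const topLevel = new Set(['TOP_LEVEL', 'OPEN_TOP_LEVEL']);
  return permissionKeys.filter((key) => {
    const { propagation, filter, permission } = parsePermissionKey(key);
    return permission === JOIN_THREAD && propagation === 'DESCENDANT' && !topLevel.has(filter);
  });
}

// Constructed permission sets, not the project's real role data.
const violating = ['know_of', 'descendant_know_of', 'descendant_join_thread',
  'descendant_open_join_thread'];
const compliant = ['know_of', 'descendant_know_of', 'descendant_toplevel_join_thread',
  'descendant_opentoplevel_join_thread', 'child_open_join_thread', 'join_thread'];

console.log(findInvariantViolations(violating));
console.log(findInvariantViolations(compliant));
```

A check of this shape fits in a unit test over every role permission blob, so a descendant join grant without a top-level filter fails the build instead of reaching users.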

Details

Provenance
ashoat Authored on Aug 7 2024, 12:50 PM
Reviewer
tomek
Differential Revision
D13018: [lib] Remove descendantJoinThread from knowOfSecretChannelsPermissions
Parents
rCOMM1d06aaf0135a: [lib] Fix role permissions for channels