Move permission check from ArtifactsDeleteView to the route

As suggested by @Gusted in #2431, move the permission checking from
`ArtifactsDeleteView` into the route instead, where it belongs.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

routers/web/web.go

@@ -1401,7 +1401,7 @@ func registerRoutes(m *web.Route) {
 					m.Post("/approve", reqRepoActionsWriter, actions.Approve)
 					m.Post("/artifacts", actions.ArtifactsView)
 					m.Get("/artifacts/{artifact_name}", actions.ArtifactsDownloadView)
-					m.Delete("/artifacts/{artifact_name}", actions.ArtifactsDeleteView)
+					m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
 					m.Post("/rerun", reqRepoActionsWriter, actions.Rerun)
 				})
 			})