Org model: Domain request table - users can still see the "edit" and "manage" buttons despite not having permissions

[zandercymatics]

Current Behavior

When a portfolio user does not have the "Create and edit requests" (EDIT_REQUESTS) permission, they can still see the "edit" and "manage" buttons for readonly domain request entries on the domain request table.

Expected Behavior

When a user does not have the "Create and edit requests" (EDIT_REQUESTS) permission, we should display the view button as we do for other view-only rows. This should apply for all statuses.

Note that this should ONLY occur when in org view. If the waffle flag is off and/or the user is not part of a portfolio, they should still see and be able to access the edit and manage buttons as normal.

Steps to Reproduce

Assuming that you are starting with either a fresh portfolio or a portfolio created by fixtures:

1. Enable the organization_feature and organization_requests waffle flags
2. Add yourself to a portfolio as an admin WITH the "create and edit requests" permission
3. Start a new domain request, and leave it in started. Create another and submit it.
4. Change your permissions and REMOVE the "create and edit requests" permission
5. Going back to the portfolio, note that you can still see the edit / manage buttons for said request despite not being permissioned to do so

Environment

Stable, staging, development + most sandboxes

Additional Context

From a glance, the code for this is mostly contained in domain_requests_json.py within the serialize_domain_request function. That would be a good place to start.
See this thread for more context and images of the behavior

Issue Links

No response