Add full RE2 regex support to Protected Branches and Protected Tags
Original description inside
Zendesk: https://gitlab.zendesk.com/agent/tickets/81592
We currently support wildcards in protected branches. Customer would like to have the option to negate a protected branch regex. That is, be able to say something like 'protect all branches except feature/*'. It may be even more powerful if we support full regex support. That would open up lots of crazy possibilities. Is there any reason we shouldn't do that? If so, is it reasonable to add an option to negate?
Problem
Customers are able to use wildcards in Protected Branch and Tags but often this is insufficient. A number of customers have requested full regex support to improve the experience around these features.
Solution
As this is user input we need to ensure we do not open ourselves to ReDoS attacks from unconstrained repetition operators; we can do this by running the target branch values through Gitlab::UntrustedRegex.
UntrustedRegex uses RE2 so we will be able to support RE2 operators.
Documentation
We also need to update the documentation to reflect this change.
Important
- Ensure that wildcard behaviour is consistent between the old and new logic
- Add specs to cover these new operators
- Ensure that none of the RE2 operators conflict with valid branch characters, e.g. if RE2 were to use `-` as an operator we would need to escape it in all the existing protected branches and tags.
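
The first and third checks in the list above, as an added example that is not GitLab's code: hypothetical helpers `wildcard_match?`, `naive_regex`, `migrated_regex` and `divergences` compare an assumed legacy wildcard semantics with a regex reading of the same stored patterns. Ruby's built-in `Regexp` stands in for RE2, so this shows the escaping problem only, not the ReDoS protection of `Gitlab::UntrustedRegex`; the patterns and branch names are constructed.

```ruby
# Hypothetical helper (not GitLab code). Assumed legacy semantics: '*'
# matches any run of characters, every other pattern character is literal.
def wildcard_match?(pattern, branch)
  parts = pattern.split('*', -1)
  return pattern == branch if parts.size < 2
  first, *middle, last = parts
  return false unless branch.start_with?(first) && branch.end_with?(last)
  return false if branch.length < first.length + last.length
  pos = first.length
  limit = branch.length - last.length
  middle.all? do |segment|
    idx = branch.index(segment, pos)
    next false if idx.nil? || idx + segment.length > limit
    pos = idx + segment.length
    true
  end
end

# Stored pattern reinterpreted as a regex with no escaping (Regexp, not RE2).
def naive_regex(pattern)
  Regexp.new('\A' + pattern.gsub('*', '.*') + '\z')
end

# Literal parts escaped first, then each '*' becomes '.*'.
def migrated_regex(pattern)
  literals = pattern.split('*', -1).map { |part| Regexp.escape(part) }
  Regexp.new('\A' + literals.join('.*') + '\z')
end

# [pattern, branch] pairs where the regex built by the block disagrees
# with the wildcard matcher; patterns that fail to compile are flagged.
def divergences(patterns, branches)
  patterns.flat_map do |pattern|
    begin
      regex = yield(pattern)
    rescue RegexpError
      next [[pattern, :invalid_regex]]
    end
    branches.reject { |b| regex.match?(b) == wildcard_match?(pattern, b) }
            .map { |b| [pattern, b] }
  end
end

# Constructed sample data: '.', '+' and '(' are valid in Git ref names.
PATTERNS = ['release-1.0', 'v1.*', 'hotfix+*', 'feature/(wip'].freeze
BRANCHES = %w[release-1.0 release-1x0 v1.2 v102 hotfix+db hotfixxx feature/(wip].freeze

p divergences(PATTERNS, BRANCHES) { |pat| naive_regex(pat) }
p divergences(PATTERNS, BRANCHES) { |pat| migrated_regex(pat) }
```

Without escaping, three of the four stored patterns start protecting branches they never covered before, and one stops compiling; with the literal parts escaped, the regex reading agrees with the wildcard reading on every sample branch.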