Add ability to create External API Approver

Problem to solve

As a compliance manager, I want the ability to set an external API as an approval rule to enforce external compliance checks at a project level.

Intended users

  • Cameron (Compliance Manager)

User experience goal

As described in the designs, a project maintainer (probably a compliance manager) can add a new project-wide approval rule which would rely on a response from an external source to determine its success or failure.

Proposal

  1. Project maintainer creates a new project-level "API Approval" approval rule (as the designs illustrate).
    • This creates a new ProjectApprovalRule, with rule_type of api_approval.
    • It also creates a webhook that matches the "target branch" filter in the approval rule.
  2. Webhook is fired for any number of reasons (MR updated, created, etc.).
  3. External service performs some arbitrary approval process.
  4. External service makes API call to approve MR, as if it were a user. We'll need to extend this API so that the external service can identify itself. (Still hazy on the details here, but I think we could figure this out once dev has begun.)
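A sketch of steps 2 to 4 from the external service's side, added here as an example and not taken from the issue or from GitLab's code. It assumes the existing merge request webhook payload, the `X-Gitlab-Token` secret header, and the existing approve endpoint with its optional `sha` parameter; the secret, the branch filter, the `CHG-` policy and the sample payload are constructed.

```python
import hmac
import json

# Constructed values for this sketch; the issue does not define them.
WEBHOOK_SECRET = "constructed-webhook-secret"
TARGET_BRANCHES = {"master"}  # mirrors the rule's "target branch" filter


def verify_token(headers: dict) -> bool:
    """Constant-time check of the secret GitLab sends in X-Gitlab-Token."""
    sent = headers.get("X-Gitlab-Token", "")
    return hmac.compare_digest(sent.encode(), WEBHOOK_SECRET.encode())


def compliance_check(attrs: dict) -> bool:
    """Hypothetical policy: the MR description must cite a change ticket."""
    return "CHG-" in (attrs.get("description") or "")


def handle_webhook(headers: dict, body: bytes):
    """Return the approve request to send, or None when no approval is due."""
    if not verify_token(headers):
        return None  # unauthenticated sender: do not parse or act on the body
    event = json.loads(body)
    if event.get("object_kind") != "merge_request":
        return None
    attrs = event["object_attributes"]
    if attrs.get("target_branch") not in TARGET_BRANCHES:
        return None
    if not compliance_check(attrs):
        return None
    # Pin the approval to the commit that was checked, so a push that lands
    # after the check is not approved by accident.
    return {
        "method": "POST",
        "path": f"/api/v4/projects/{event['project']['id']}"
                f"/merge_requests/{attrs['iid']}/approve",
        "params": {"sha": attrs["last_commit"]["id"]},
    }


# Constructed sample event, trimmed to the fields used above.
SAMPLE_BODY = json.dumps({
    "object_kind": "merge_request",
    "project": {"id": 42},
    "object_attributes": {
        "iid": 7, "target_branch": "master",
        "description": "Implements CHG-1001",
        "last_commit": {"id": "0123456789abcdef0123456789abcdef01234567"},
    },
}).encode()
```

The returned request would be sent with the service's own credential; how the service identifies itself to the API is the part the issue leaves open.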

Permissions and Security

This should be available to anybody who can currently edit a project's approval rules.

Documentation

  • Documentation will need to be added as this adds to existing functionality [Section needs expanding]

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

GitLab Ultimate

Is this a cross-stage feature?

Links / references

Edited Jul 22, 2020 by Max Woolf