Expose approval rules in MergeRequest GraphQL object

Why are we doing this work

There's been a customer question about using the GraphQL API to see MR vulnerability-check approvals. This is currently only possible in the REST API.

On top of being a customer request, it's also part of the GraphQL Vision:

anything possible in the REST API should also be possible in the GraphQL API.

Relevant links

• REST Get the approval state of merge requests
• GraphQL MergeRequest

Non-functional requirements

• Documentation: as required by GraphQL implementation
• Feature flag: N/A
• Performance: TBC
• Testing: specs

Implementation plan

• backend Introduce a new field for the MergeRequest GraphQL type called approval_state and its type with the following fields;
  • approval_rules_overwritten Boolean not null
  • rules with the type of a collection of ApprovalRule(not null). This is a new type with the following fields;
    • id ID not null
    • name String not null
    • rule_type Enum defined in ApprovalProjectRule model not null
    • approvals_required Integer not null
    • approved Boolean not null
    • overridden Boolean not null
    • contains_hidden_groups Boolean not null
    • source_rule type of an ApprovalRule can be null
    • eligible_approvers list of Users
    • users list of Users
    • approved_by list of Users
    • groups list of Groups

Note: We can check the existing entity and presenter classes to figure out how these fields are populated on REST API to implement similar logic or use existing ones on GraphQL API.

/cc @matt_wilson