Prevent adding data migrations in security merge requests

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

From gitlab-org/release/docs!417 (merged):

Incident gitlab-com/gl-infra/production#6072 (closed) was the result of a data migration gone wrong. It deleted more data than it should have and the recovery process was arduous.

However, this migration was split out from a security MR which originally hid the data correctly. Had the Security MR included the data migration, data recovery would have been more difficult or impossible because of the nature of back-ports and a mid-milestone security release.

Proposal

Add a Danger rule that warns, or preferably fails, when a data migration is introduced in security releases.

Edited by 🤖 GitLab Bot 🤖