Sync merge request approval rules based on scan result policies update

Why are we doing this work

As an application security engineer or compliance manager, I expect that when I make changes to a security approval policy, it will apply to ALL merge requests regardless of whether they were created before or after I make the change.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • backend Reuse the existing process_scan_result_policy_service, which currently deletes outdated project approval rules and creates new ones based on the scan result policies.
  • backend Add sync_report_approver_approval_rules so that merge request approval rules are created or updated from the newly created project approval rules. This is the actual sync step.
  • backend Create a new service that deletes orphaned merge request approval rules (scan_finding rules only, tracked through the approval_merge_request_rule_sources table). This step is only required when the number of rules decreases or the rules change substantially, because the sync step alone never removes a merge request rule that no longer has a project rule behind it.
  • documentation Update the docs to remove the statement that approval rules of an existing merge request are not updated when a scan result policy changes.
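The three backend steps above amount to one reconciliation: for each merge request, scan_finding rules are updated to match the project's current scan_finding rules, missing ones are created, and rules whose project counterpart disappeared are deleted as orphans, while rules of other types are left alone. The sketch below is an added example in plain Ruby, not GitLab's code and not the services named in the plan; the struct names, the ScanFindingRuleSync class, matching rules by name, and the sample data are all assumptions made for illustration.

```ruby
# Added illustration of the sync step; hypothetical names, not GitLab's own code.
# A project-level approval rule derived from a scan result policy, and a merge
# request approval rule that was copied from one (source_name stands in for the
# approval_merge_request_rule_sources link).
ProjectRule = Struct.new(:name, :approvals_required, :rule_type, keyword_init: true)
MrRule      = Struct.new(:name, :approvals_required, :rule_type, :source_name, keyword_init: true)

# Reconciles one merge request's scan_finding rules against the project's
# current scan_finding rules. Non scan_finding rules (regular, code owner) are
# passed through untouched. Matching by rule name is an assumption of this sketch.
class ScanFindingRuleSync
  SYNCED_TYPE = 'scan_finding'

  def initialize(project_rules, mr_rules)
    @project_rules = project_rules.select { |r| r.rule_type == SYNCED_TYPE }
    @mr_rules = mr_rules
  end

  # Returns [synced_mr_rules, summary], where summary counts each kind of change.
  def call
    summary = { created: 0, updated: 0, deleted: 0, unchanged: 0 }
    pending = @project_rules.to_h { |r| [r.name, r] } # project rules not yet matched
    kept = []

    @mr_rules.each do |mr|
      unless mr.rule_type == SYNCED_TYPE
        kept << mr # other rule types are out of scope for the policy sync
        next
      end

      src = pending.delete(mr.name)
      if src.nil?
        # Orphan: the policy no longer produces this rule (or it is a duplicate
        # of one already matched), so it is removed. This is the only path that
        # deletes anything, which is why the delete service is needed only when
        # rules disappear.
        summary[:deleted] += 1
        next
      end

      if mr.approvals_required == src.approvals_required
        summary[:unchanged] += 1
        kept << mr
      else
        summary[:updated] += 1
        kept << MrRule.new(name: src.name, approvals_required: src.approvals_required,
                           rule_type: SYNCED_TYPE, source_name: src.name)
      end
    end

    # Project rules with no merge request counterpart are created.
    pending.each_value do |src|
      summary[:created] += 1
      kept << MrRule.new(name: src.name, approvals_required: src.approvals_required,
                         rule_type: SYNCED_TYPE, source_name: src.name)
    end

    [kept, summary]
  end
end

# Constructed sample: the policy was edited after the merge request was created.
# "Critical vulns" now needs two approvals instead of one, "Secret detection"
# was removed from the policy, and "License check" was added.
PROJECT_RULES = [
  ProjectRule.new(name: 'Critical vulns', approvals_required: 2, rule_type: 'scan_finding'),
  ProjectRule.new(name: 'License check',  approvals_required: 1, rule_type: 'scan_finding')
].freeze

MR_RULES = [
  MrRule.new(name: 'Critical vulns',   approvals_required: 1, rule_type: 'scan_finding', source_name: 'Critical vulns'),
  MrRule.new(name: 'Secret detection', approvals_required: 1, rule_type: 'scan_finding', source_name: 'Secret detection'),
  MrRule.new(name: 'All members',      approvals_required: 1, rule_type: 'regular',      source_name: nil)
].freeze

def demo
  ScanFindingRuleSync.new(PROJECT_RULES, MR_RULES).call
end

if __FILE__ == $PROGRAM_NAME
  rules, summary = demo
  puts summary.inspect
  rules.each { |r| puts "#{r.rule_type.ljust(12)} #{r.name}: #{r.approvals_required}" }
end
```

Running the sample updates "Critical vulns" to two approvals, deletes the orphaned "Secret detection" rule, creates "License check", and leaves the regular "All members" rule untouched. Splitting the orphan deletion out of the sync pass, as the plan does, keeps the sync idempotent: re-running it on an already synced merge request reports every rule as unchanged.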

Verification steps

Edited by Zamir Martins