Consolidate permission checks for `approve_deployment` in policies
Problem
Today, we don't have SSOT facility to check if a user has permission to approve a deployment. This gives us hard time to maintain/synchronize the multiple/duplicate permission logic across multiple places, therefore it's not ideal from development standpoint.
Proposal
From the discussion in !95071 (comment 1076159033)
The permission checks for can?(current_user, :update_deployment, deployment)
are often followed by a check for an appropriate approval rule that the current user can approve for. In some cases in someone else's stead.
This means we combine the check with a read_deployment
and a check for an appropriate approval instead of enabling update_deployment
for the correct condition and checking that, this is repeated in 2 places that I could find: