Use License Scanning scanner class when refreshing MR approvals

Why are we doing this work

The backend needs to be updated to refresh MR approvers using the new License Scanning Service, and when project SBOMs have been ingested.

Prior to this change, MR approvers are refreshed in response to the following events:

  • A license policy is added to the project.
  • An existing license policy is updated.
  • A pipeline with License Scanning reports completes.

Out of scope: Refreshing the MR approvers when SBOM components are upserted into the DB is out of scope. At the moment the License Scanning SBOM scanner gets SBOM components by parsing the SBOM reports; SBOM components are not fetched from the DB. See #377420 (comment 1229835792).

Relevant links

Technical evaluation:

Non-functional requirements

  • Testing: update ee/spec/models/approval_merge_request_spec.rb with new test cases if needed and ensure that the spec passes.
    • The refresh license worker spec covers the cases where a license approval rule does not exist, denies a license, and approves a license.

Implementation plan

Verification steps

  1. Create a project with license scanning enabled if one does not already exist.
  2. Open an MR and approve the changes.
  3. Create and push a commit to the MR that adds a license and verify that it refreshed the approvals.
  4. Add a new license policy that accepts the license and verify that the approvals have refreshed.
  5. Re-approve the merge request.
  6. Update the recently created license policy so that it denies the license and verify that the approvals have refreshed.
Edited by Oscar Tovar