
Moving a project can orphan a compliance framework

The following discussion from !111240 (merged) should be addressed:

  • @duncan_harris started a discussion: (+2 comments)

The steps I took:

  1. Assigned a Compliance Framework to a project in Group A
  2. Moved project to Group B without removing the Compliance Framework
  3. Project still shows the Compliance Framework bean label next to the project name and can still run pipelines

In the customer's case, the Compliance Framework option in Settings → General shows a "No compliance frameworks are set up yet" message, so we can't edit the frameworks manually. I was able to reproduce this by assigning a framework, then moving the project to a new group with Ultimate. The project can still run compliance pipelines at that point - including recognizing changes to the compliance CI YAML - but if a user who doesn't have access to the compliance pipeline runs a job, the pipeline fails with an access error. At the very least, if a project has a configured framework, it should be possible for a user with the correct permissions to remove it when no group default exists.

If you move a project, the compliance framework can become orphaned and can't be removed. The compliance framework then needs to be removed manually from the project with GraphQL.

Also update the docs about the impact of moving a project.

Implementation Plan

  1. In ee/app/services/ee/projects/transfer_service.rb, after the project is saved, destroy the associated compliance framework setting.
  2. Write relevant specs.
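The following is an added illustration of the fix the plan describes, not code from GitLab or from this merge request. It models the transfer step with plain Ruby objects (`Namespace`, `ComplianceFramework`, `ComplianceFrameworkSetting`, `Project` and `TransferService` are all assumed stand-ins for the real models and service) and goes one step beyond the plan's unconditional destroy: the setting is dropped only when the framework is not owned by the top-level group the project now lives under, which is the assumption behind "orphaned" in the issue. Moving a project between subgroups of the same root group therefore keeps its framework.

```ruby
# Added example, not GitLab's own code. The class and method names below are
# assumptions that mimic the shapes involved; the real
# ee/app/services/ee/projects/transfer_service.rb differs.

# A group or subgroup. Compliance frameworks are assumed to be owned at the
# top-level group, so we need a way to find that root.
Namespace = Struct.new(:name, :parent) do
  def root
    parent ? parent.root : self
  end
end

# A framework owned by a top-level namespace.
ComplianceFramework = Struct.new(:name, :namespace)

# The join record between a project and its framework: the "compliance
# framework setting" the implementation plan says to destroy on transfer.
class ComplianceFrameworkSetting
  attr_reader :framework

  def initialize(framework)
    @framework = framework
    @destroyed = false
  end

  def destroy
    @destroyed = true
  end

  def destroyed?
    @destroyed
  end
end

class Project
  attr_accessor :namespace, :compliance_framework_setting

  def initialize(name, namespace)
    @name = name
    @namespace = namespace
  end

  # Mirrors the badge shown next to the project name: present only while a
  # setting exists.
  def compliance_framework
    compliance_framework_setting&.framework
  end
end

class TransferService
  def initialize(project)
    @project = project
  end

  # Move the project, then remove a framework the new root group cannot
  # administer, so the project is never left with an un-editable framework.
  def execute(new_namespace)
    @project.namespace = new_namespace
    remove_orphaned_compliance_framework
    @project
  end

  private

  def remove_orphaned_compliance_framework
    setting = @project.compliance_framework_setting
    return unless setting
    # Still valid if the framework's owner is the project's new root group.
    return if setting.framework.namespace == @project.namespace.root

    setting.destroy
    @project.compliance_framework_setting = nil
  end
end
```

With this shape, the spec from step 2 of the plan reduces to two cases: a transfer to a different root group leaves `compliance_framework` nil and the old setting destroyed, while a transfer within the same root group leaves the framework in place.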
Edited by Harsimar Sandhu