Documentation enhancements for scan result policies

We noticed that scan result policies, including license approval policies works only for protected branches and we should document this condition clearly. Related discussion

Also there are other enhancements that can be added like changing the image from https://docs.gitlab.com/ee/user/compliance/license_approval_policies.html#criteria-comparing-licenses-detected-in-the-merge-request-branch-to-licenses-detected-in-the-default-branch as MIT and Apache 2.0 are not SPDX software license names. Related issue #395776 (closed)