
Add service to create and sync policy YAML into read model

Why are we doing this work

The security policies are stored as YAML files in the security policy project. This approach has many advantages (version control for policies using git, auditability, etc.), but it has performance drawbacks: since reading from the git repository requires calls to Gitaly, it is difficult to add additional features.

This issue focuses on persisting SecurityPolicyRead from policy YAML whenever these events happen:

PoC that partially covers these changes: Draft: Add initial policies tables and save new... (!139352 - closed)

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag: new sync should be implemented behind a feature flag
  • Performance:
  • Testing:

Implementation plan

  • Create a new service class Security::SecurityOrchestrationPolicies::Read::SyncService that syncs the policies from YAML by deleting and re-creating SecurityPolicyRead through Security::SecurityOrchestrationPolicies::Read::CreateService. Call Security::SecurityOrchestrationPolicies::SyncScanResultPoliciesProjectService after creating SecurityPolicyRead.
  • Scan result policy rules should be persisted using Security::ScanResultPolicyRule model
  • Scan execution policy rules should be persisted using Security::ScanExecutionPolicyRule model
  • Update UpdateOrchestrationPolicyConfiguration concern to call Security::SecurityOrchestrationPolicies::Read::SyncService for each policy in YAML
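The delete-and-re-create sync from the first step above, as an added Ruby sketch that is not GitLab's code: the sample YAML, `PolicyRead`, `ReadStore` and `sync_policies` are constructed stand-ins for the real SecurityPolicyRead model and services, and the feature-flag argument stands in for the FF check the plan calls for.

```ruby
require 'yaml'

# Constructed sample in the shape of a policy.yml kept in a security policy project.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Run SAST on main
      enabled: true
      rules:
        - type: pipeline
          branches: [main]
  scan_result_policy:
    - name: Require approval on critical findings
      enabled: true
      rules:
        - type: scan_finding
          severity_levels: [critical]
YAML

# One row of the read model; a stand-in for the SecurityPolicyRead record.
PolicyRead = Struct.new(:policy_type, :name, :enabled, :rules, keyword_init: true)

# Hypothetical in-memory table keyed by policy configuration id.
class ReadStore
  def initialize; @rows = Hash.new { |h, k| h[k] = [] }; end
  def replace(config_id, rows); @rows[config_id] = rows; end
  def rows_for(config_id); @rows[config_id]; end
end

# Delete and re-create the read model for one configuration from the YAML, as the plan
# describes, so a re-run after a YAML edit never leaves stale rows behind. With the
# feature flag off the existing rows are returned untouched.
def sync_policies(store, config_id, yaml, feature_enabled: true)
  return store.rows_for(config_id) unless feature_enabled

  parsed = YAML.safe_load(yaml) || {}
  rows = %w[scan_execution_policy scan_result_policy].flat_map do |type|
    Array(parsed[type]).map do |policy|
      PolicyRead.new(policy_type: type, name: policy.fetch('name'),
                     enabled: policy.fetch('enabled', true), rules: Array(policy['rules']))
    end
  end
  store.replace(config_id, rows)
end
```

Because the whole set for a configuration is replaced in one step, a policy removed from the YAML disappears from the read model on the next sync instead of lingering as a stale row.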

Verification steps

This issue can only be verified by logs and by checking the database, as the tables will only be used as part of #464034 (closed).

  • Create a group, enable the security_policies_sync_group FF for the group and create some projects within the group
  • Create some policies for the group from Secure -> Policies
  • Verify from the logs that Security::PersistSecurityPoliciesWorker, Security::SyncPolicyWorker and Security::SyncProjectPolicyWorker workers are invoked and complete without failures
  • Verify from the rails console that Security::Policy, Security::ApprovalPolicyRule and Security::ScanExecutionPolicyRule records are created along with Security::PolicyProjectLink and Security::ApprovalPolicyRuleProjectLink
  • Now update the README.md file (or any file other than policy.yml) in the security policy project and merge the MR. Verify from the logs that no workers of type Security::PersistSecurityPoliciesWorker or Security::ProcessScanResultPolicyWorker are created.
Edited by Andy Schoenen