Make stages order from security policy custom CI yaml take precedence over project stage ordering

With #425012 (closed) we allow stages to be defined within custom yaml. If no default stages are defined, they will be added automatically.

For example if a policy yaml defines only the build stage, the project CI can still have jobs for test or deploy:

stages:
  - build

However, this doesn't provide enough control over the order of the stages. The order of stages defined in the security policy should take precedence over the order of default stages and the order of stages defined in the project CI.

Examples

Take precedence over default stages

# Security policy yaml stages
stages:
  - build
  - after_build
  - test
  - deploy

Expected result: .pre, build, after_build, test, deploy, .post

Current result: .pre, build, test, deploy, after_build, .post

Take precedence over project stages

# Project .gitlab-ci.yaml stages
stages:
  - build
  - project_custom_stage
  - test
  - deploy

# Security policy yaml stages
stages:
  - build
  - after_build
  - project_custom_stage
  - test
  - deploy

Expected result: .pre, build, after_build, 'project_custom_stage', test, deploy, .post

Current result: .pre, build, 'project_custom_stage', test, deploy, after_build, .post