Update scan_finding approval rules when protected branch is created/updated

Why are we doing this work

Currently, whenever a protected branch is created/deleted, we enqueue Security::ProcessScanResultPolicyWorker for the project or for all projects in a group. But the worker performs many heavy operations that are not needed when a protected branch is updated/created. Instead of calling that worker, we want to introduce a new lightweight worker that updates the protected branches of ApprovalProjectRule and resyncs the approval rules only for the MRs that are affected by the protected branch change.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

Verification steps