Spike: How to selectively rebuild only changed scan result policies
In &9971, we will move policy data to the database. This will also enable us to rebuild approval rules selectively. Currently, for any change to the policy YAML, all approval rules and associated data are wiped, then rebuilt. This is inefficient, and we want to determine possible approaches to identify policies affected by a YAML change:
- Checksumming policies
- Unique identifiers
- Reading the difference from git
- etc.
The following discussion from !139065 (merged) should be addressed:
- @bauerdominic started a discussion: (+1 comment) How are we going to implement this? Checksum each policy?
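
A sketch of the checksumming approach listed above, as an added example rather than GitLab's implementation: each policy is canonicalized, hashed with SHA-256, and the old and new checksum maps are compared so that only added, removed, or changed policies need a rebuild. The `scan_result_policy` top-level key, the use of a unique `name` to identify a policy, the helper names, and the sample YAML are assumptions.

```ruby
require "yaml"
require "json"
require "digest"

# Sort hash keys recursively so key reordering does not alter the checksum.
def canonicalize(value)
  case value
  when Hash then value.sort_by { |k, _| k.to_s }.to_h { |k, v| [k.to_s, canonicalize(v)] }
  when Array then value.map { |v| canonicalize(v) }
  else value
  end
end

def policy_checksum(policy)
  Digest::SHA256.hexdigest(JSON.generate(canonicalize(policy)))
end

# { name => checksum } for each policy; assumes policy names are unique.
def checksums(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  (doc["scan_result_policy"] || []).to_h { |pol| [pol.fetch("name"), policy_checksum(pol)] }
end

def diff_policies(old_yaml, new_yaml)
  before = checksums(old_yaml)
  after = checksums(new_yaml)
  { added: after.keys - before.keys,
    removed: before.keys - after.keys,
    changed: (before.keys & after.keys).reject { |n| before[n] == after[n] } }
end

# Constructed sample input, not taken from the issue.
OLD_YAML = <<~YAML
  scan_result_policy:
    - {name: Block criticals, enabled: true}
    - {name: License check, enabled: true}
YAML

NEW_YAML = <<~YAML
  scan_result_policy:
    - {enabled: true, name: Block criticals}
    - {name: License check, enabled: false}
    - {name: New policy, enabled: true}
YAML

p diff_policies(OLD_YAML, NEW_YAML)
```

Because the checksum is keyed by name, a renamed policy shows up as one removal plus one addition; distinguishing a rename from a replacement would need the unique-identifier approach instead.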