Backend: Allow administrator to restrict usage of 3rd party components
Problem
Since users can include components from any domain, we need to allow administrators of the platform to restrict the usage of external components, either through a deny list or an allow list.
Proposed solution
Using a policy, we can restrict the domains from groups or projects which include: components, by specifying an allowlist:
type: ci_component_usage_policy
name: CI Component Usage Policy
description: With this policy we will allow pipelines to run CI Components only from predefined sources.
enabled: true
restricted_sources:
  projects: # Only components from gitlab.com/project-a and my_org.com/group-a/project-1 can be run in the pipeline
    - path: gitlab.com/project-a
    - path: my_org.com/group-a/project-1
  groups: # Only components from gitlab.com/group-b can be run in the pipeline
    - path: gitlab.com/group-b
policy_scope:
  compliance_frameworks:
    - id: 3
Additional information
For an MVC we can focus on the allowlist only; a denylist could come later on in case there is additional demand from our users.
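One way the allowlist in the proposed policy could be evaluated, as an added example that is not GitLab's implementation or part of the original issue. The helper names, the `<host>/<project path>/<component name>@<version>` reference shape, case-insensitive comparison and the behaviour of a disabled policy are all assumptions; the point shown is that group entries must match on a whole path segment and that malformed references are rejected.

```ruby
require 'yaml'

# Constructed policy document, mirroring the allowlist proposed above.
POLICY = YAML.safe_load(<<~POLICY_YAML)
  type: ci_component_usage_policy
  enabled: true
  restricted_sources:
    projects:
      - path: gitlab.com/project-a
      - path: my_org.com/group-a/project-1
    groups:
      - path: gitlab.com/group-b
POLICY_YAML

# Hypothetical helper. Assumes a reference looks like
# <host>/<project path>/<component name>@<version> and returns the
# lower-cased "<host>/<project path>" part, or nil when it is malformed.
def component_project(reference)
  address, version = reference.to_s.split('@', 2)
  segments = address.to_s.downcase.split('/', -1)
  return nil if version.to_s.empty? || segments.size < 3
  # Refuse empty, "." and ".." segments instead of trying to normalise them.
  return nil if segments.any? { |s| s.empty? || s == '.' || s == '..' }

  segments[0...-1].join('/')
end

# Hypothetical helper: allowlisted paths of one kind ("projects" or "groups").
def allowlist(policy, kind)
  Array(policy.dig('restricted_sources', kind)).map { |e| e['path'].to_s.downcase.chomp('/') }
end

# Hypothetical check: true when the component may run under the policy.
def component_allowed?(reference, policy = POLICY)
  return true unless policy['enabled'] # assumption: a disabled policy restricts nothing

  project = component_project(reference)
  return false if project.nil? # fail closed on anything unparseable

  # Projects must match exactly; groups match on a whole path segment, so
  # "gitlab.com/group-b" covers its subgroups but not "gitlab.com/group-b-copy".
  allowlist(policy, 'projects').include?(project) ||
    allowlist(policy, 'groups').any? { |group| project.start_with?("#{group}/") }
end
```

A plain string-prefix comparison without the trailing `/` would also accept look-alike namespaces such as `gitlab.com/group-b-copy`, which is the case the segment-boundary match excludes.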