[Backend] Define roles allowed to manage project-level exclusions

Overview

This issue tracks the work required to define which roles are allowed to manage project-level exclusions. We have decided that only maintainer and higher roles may control exclusions, but that decision is not yet enforced in code: it needs to be expressed as abilities in the project policy so every endpoint that manages or reads exclusions checks the same rule.

Implementation Plan

  • Update project_policy to ensure only maintainer_access and above can manage_project_security_exclusions.
  • Update project_policy to ensure auditor and developer can read_project_security_exclusions.
  • Update corresponding tests to confirm this works as intended.
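As an added example (not the project's ProjectPolicy or its DeclarativePolicy DSL), the following self-contained Ruby model expresses the two abilities from the plan above and the role split they imply: `manage_project_security_exclusions` requires maintainer access or above, while `read_project_security_exclusions` is granted to developers and above and to auditors. The numeric access levels are assumed to follow GitLab's `Gitlab::Access` constants; `ProjectExclusionsPolicy`, `Member` and `policy_matrix` are hypothetical names used only for this illustration.

```ruby
# Added example, not GitLab's own code. Models the role hierarchy and the
# two exclusion-related abilities so the rule "maintainer+ manages, developer+
# and auditors read" can be checked in isolation.

module Access
  # Assumed to mirror Gitlab::Access; higher number means more privilege.
  NO_ACCESS  = 0
  GUEST      = 10
  REPORTER   = 20
  DEVELOPER  = 30
  MAINTAINER = 40
  OWNER      = 50
end

# A project member: effective project access level plus whether the account
# is an instance-wide auditor (auditors have read-only visibility everywhere).
Member = Struct.new(:name, :access_level, :auditor, keyword_init: true)

class ProjectExclusionsPolicy
  def initialize(member)
    @member = member
  end

  # "maintainer_access and above": an ordinal comparison, so OWNER qualifies too.
  def maintainer_access?
    @member.access_level >= Access::MAINTAINER
  end

  def developer_access?
    @member.access_level >= Access::DEVELOPER
  end

  def auditor?
    @member.auditor == true
  end

  # Deny by default: any ability this policy does not know about is refused.
  def allowed?(ability)
    case ability
    when :manage_project_security_exclusions
      maintainer_access?
    when :read_project_security_exclusions
      developer_access? || auditor?
    else
      false
    end
  end
end

# Evaluate both abilities for every role in the hierarchy plus an auditor.
# Returns { role_name => { ability => true/false } } for inspection and tests.
def policy_matrix
  members = [
    Member.new(name: "guest",      access_level: Access::GUEST,      auditor: false),
    Member.new(name: "reporter",   access_level: Access::REPORTER,   auditor: false),
    Member.new(name: "developer",  access_level: Access::DEVELOPER,  auditor: false),
    Member.new(name: "maintainer", access_level: Access::MAINTAINER, auditor: false),
    Member.new(name: "owner",      access_level: Access::OWNER,      auditor: false),
    # Auditor with no project membership at all: may read, must not manage.
    Member.new(name: "auditor",    access_level: Access::NO_ACCESS,  auditor: true)
  ]
  abilities = %i[manage_project_security_exclusions read_project_security_exclusions]

  members.each_with_object({}) do |member, matrix|
    policy = ProjectExclusionsPolicy.new(member)
    matrix[member.name] = abilities.to_h { |ability| [ability, policy.allowed?(ability)] }
  end
end

if $PROGRAM_NAME == __FILE__
  policy_matrix.each do |role, abilities|
    puts "#{role.ljust(10)} manage=#{abilities[:manage_project_security_exclusions]} " \
         "read=#{abilities[:read_project_security_exclusions]}"
  end
end
```

The matrix form is the shape the corresponding specs should take: one row per role, asserting both the positive and the negative case, so a later change that accidentally widens `manage` to developers or drops `read` for auditors fails a test rather than shipping silently.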
Edited by Ahmed Hemdan