[SPIKE] Explore possibility of unifying logic to validate group relationships for protected branches, code owners, and approval rules

We allow users to assign groups to protected branches. The project must either be owned by or shared with the group. We also allow users to assign groups to code owner rules. The project must either be owned by or shared with the group. Inviting a group to a parent group will not make the group valid. Approval rules also follow similar rules https://docs.gitlab.com/ee/user/project/merge_requests/approvals/rules.html#groups-need-explicit-or-inherited-developer-role-on-a-project

I feel like it's likely these features can follow the same ruleset. If that is the case we should look into creating an object to handle finding/validating these groups.

This would include an endpoint, either new or modify and existing one, to fetch these groups so the frontend can supply them, and then modifying the logic in each feature to use the new object.

We'd also need to update the documentation, potentially adding a new page that we can link to from each feature explaining the parity between these.