Ask approval for MR that fix issues with specific labels

Feature Request: Add approval policy for merge requests that fix issues with a specific label

Summary

Adding a feature to require approval for any merge requests that fix issues labeled as security vulnerabilities or have a specific label added.

Motivation

Example: Requiring extra approval for changes that address security issues will help reduce risk from unauthorised or insufficiently reviewed fixes. Currently we would need to build custom automation to enforce this, so having it as a built-in policy would simplify that.

Currently we have automation that returns a message like: !171229 (comment 2186962468):

Proposal

Add a merge request approval policy setting that requires 1 or more approvals from specified users/groups if the MR has a description that indicates it fixes an issue labeled "security" or any other specified labels.