Updating Project Scope may remove unrelated items

Summary

Using the Policy Scope drop-down to add except or include Projects to a Security Policy can inadvertently remove projects

Steps to reproduce

1. Create a project / group and add a Security Policy
2. Make sure there are enough Projects that the menu can be scrolled to load more items
3. Add a project that would not be loaded by the initially-loaded list
4. Update the policy
5. Return to update policy again
6. Toggle an item above the scroll
7. Observe the YAML preview reflects the removal

Example Project

https://gitlab.com/groups/duncan_harris_ultimate_group/security-policy-stuff/namespace-with-policy-applied/-/security/policies

I recorded this issue being reproduced and have attached that as a confidential comment.

What is the current bug behavior?

The policy will be updated with previously-selected items removed

What is the expected correct behavior?

The only items changed should be the items that are deliberately changed.

Results of GitLab environment info

This was reproduced on GitLab.com ( GitLab Enterprise Edition 17.9.0-pre 94243d5e )

Possible fixes