Updating Policy Scope may remove unrelated compliance frameworks

Summary

Using the Policy Scope drop-down to add compliance frameworks

Steps to reproduce

1. Create a project / group and add a Security Policy
2. Make sure there are enough Compliance frameworks that the menu can be scrolled to load more items
3. Add a project that would not be loaded by the initially-loaded list
4. Update the policy
5. Return to update policy again
6. Toggle an item above the scroll
7. Observe the YAML preview reflects the removal

Example Project

https://gitlab.com/groups/duncan_harris_ultimate_group/security-policy-stuff/namespace-with-policy-applied/-/security/policies

I recorded this issue being reproduced and have attached that as a confidential comment.

What is the current bug behavior?

The policy will be updated with previously-selected items removed

What is the expected correct behavior?

The only items changed should be the items that are deliberately changed.

Results of GitLab environment info

This was reproduced on GitLab.com ( GitLab Enterprise Edition 17.9.0-pre 94243d5e )

Possible fixes

If you can, link to the line of code that might be responsible for the problem.