
Introduce application settings for Pipeline execution policy limits

Why are we doing this work

See &16929 (closed). We want to introduce application settings that configure the two policy limits for Pipeline execution policies (PEPs), which are currently both hard-coded to 5:

  • number of PEPs definable per policy.yml
  • number of PEPs that apply per pipeline

Relevant links

Non-functional requirements

  • Documentation: Yes, see Implementation Plan
  • Feature flag: No
  • Performance: n/a
  • Testing: n/a

Implementation plan

  1. backend: Follow "Add a new application setting" to add two new application settings under the existing security_policies top-level key:

    • pipeline_execution_policies_per_configuration_limit
    • pipeline_execution_policies_per_pipeline_limit
  2. backend: Consume the application settings in place of the current constants:

    2.1 Consume the pipeline_execution_policies_per_configuration_limit setting:

    diff --git a/ee/app/models/concerns/security/pipeline_execution_policy.rb b/ee/app/models/concerns/security/pipeline_execution_policy.rb
    index 8ac372dfa2b4..6d81016272b9 100644
    --- a/ee/app/models/concerns/security/pipeline_execution_policy.rb
    +++ b/ee/app/models/concerns/security/pipeline_execution_policy.rb
    @@ -2,15 +2,18 @@
    
     module Security
       module PipelineExecutionPolicy
    -    # This is the maximum number of PEPs in a policy config file
    -    POLICY_LIMIT = 5
    -
         def active_pipeline_execution_policies
    -      pipeline_execution_policy.select { |config| config[:enabled] }.first(POLICY_LIMIT)
    +      pipeline_execution_policy.select { |config| config[:enabled] }.first(policy_limit)
         end
    
         def pipeline_execution_policy
           policy_by_type(:pipeline_execution_policy)
         end
    +
    +    private
    +
    +    def policy_limit
    +      Gitlab::CurrentSettings.pipeline_execution_policies_per_configuration_limit
    +    end
       end
     end
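
    Review bot: `policy_limit` passes `Gitlab::CurrentSettings.pipeline_execution_policies_per_configuration_limit` straight into `Array#first`, which raises `TypeError` on `nil` and `ArgumentError` on a negative value, so the new column needs a `NOT NULL` default and a non-negative integer validation on `ApplicationSetting` (or a guard here). The removed comment `# This is the maximum number of PEPs in a policy config file` should also move onto the new `policy_limit` method so the meaning of the limit is not lost.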

    2.2 Consume the pipeline_execution_policies_per_pipeline_limit setting:

    diff --git a/ee/lib/gitlab/security/orchestration/project_pipeline_execution_policies.rb b/ee/lib/gitlab/security/orchestration/project_pipeline_execution_policies.rb
    index 3768dd4c2c37..0331865bf32d 100644
    --- a/ee/lib/gitlab/security/orchestration/project_pipeline_execution_policies.rb
    +++ b/ee/lib/gitlab/security/orchestration/project_pipeline_execution_policies.rb
    @@ -4,8 +4,6 @@ module Gitlab
       module Security
         module Orchestration
           class ProjectPipelineExecutionPolicies
    -        POLICY_LIMIT_PER_PIPELINE = 5
    -
             def initialize(project)
               @project = project
             end
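
    Review bot: `POLICY_LIMIT_PER_PIPELINE` was a public constant of the class, so before merging check for other references to it (specs and factories in particular); any spec that asserted on the literal value 5 should now stub `pipeline_execution_policies_per_pipeline_limit` instead.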
    @@ -21,7 +19,7 @@ def initialize(project)
             #   Result: [policy5, policy4, policy3, policy2, policy1]
             def configs
               applicable_execution_policies_by_hierarchy
    -            .first(POLICY_LIMIT_PER_PIPELINE)
    +            .first(policy_limit)
                 .reverse # reverse the order to apply the policy highest in the hierarchy as last
                 .map do |(policy, policy_project_id, index)|
                   ::Security::PipelineExecutionPolicy::Config.new(
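
    Review bot: `.first(policy_limit)` has the same nil/negative hazard as the concern in 2.1, and the worked example in the comment just above this method (`Result: [policy5, policy4, policy3, policy2, policy1]`) implicitly assumes a limit of 5; update that comment to say the count now comes from `pipeline_execution_policies_per_pipeline_limit`.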
    @@ -51,6 +49,10 @@ def configs_ordered_by_hierarchy
                                                                                       .all.index_by(&:namespace_id)
               [nil, *@project.group&.self_and_ancestor_ids].filter_map { |id| configs[id] }.reverse
             end
    +
    +        def policy_limit
    +          Gitlab::CurrentSettings.pipeline_execution_policies_per_pipeline_limit
    +        end
           end
         end
       end
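
    Review bot: `policy_limit` is added after `configs_ordered_by_hierarchy` with no `private` keyword visible in the hunk; if that method is not already under `private`, the new one becomes part of the class's public interface, unlike its counterpart in 2.1. Suggest placing it below `private` for consistency.
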
  3. documentation: Update pipeline_execution_policies.md to explicitly document these settings, in addition to regenerating Available settings.
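
The following is an added, stand-alone Ruby illustration of the pattern in steps 1 and 2; it is not GitLab code. It uses a hypothetical `FakeSettings` object in place of `Gitlab::CurrentSettings`, a constructed list of PEP configs, and a hypothetical `effective_limit` guard that shows why the setting must be validated before reaching `Array#first` (an unset `nil` or a negative value raises there). The per-pipeline part assumes, as the diff's own comment implies, that the input is ordered with the policy highest in the hierarchy first, and that the first N are kept and then reversed.

```ruby
# Hypothetical stand-in for Gitlab::CurrentSettings (not the real class).
class FakeSettings
  attr_reader :pipeline_execution_policies_per_configuration_limit,
              :pipeline_execution_policies_per_pipeline_limit

  def initialize(per_configuration_limit: 5, per_pipeline_limit: 5)
    @pipeline_execution_policies_per_configuration_limit = per_configuration_limit
    @pipeline_execution_policies_per_pipeline_limit = per_pipeline_limit
  end
end

# Constructed default matching the value the constants are hard-coded to today.
DEFAULT_LIMIT = 5

# Hypothetical guard: Array#first raises TypeError on nil and ArgumentError on
# a negative count, so an unset or bad setting must not reach the call site.
def effective_limit(value, default: DEFAULT_LIMIT)
  return default unless value.is_a?(Integer) && value >= 0

  value
end

# Mirrors the concern in step 2.1: only enabled PEPs count, up to the
# per-configuration limit, keeping the order written in policy.yml.
def active_pipeline_execution_policies(policies, settings)
  limit = effective_limit(settings.pipeline_execution_policies_per_configuration_limit)
  policies.select { |config| config[:enabled] }.first(limit)
end

# Mirrors step 2.2: input is highest-in-hierarchy first; keep the first N,
# then reverse so the policy highest in the hierarchy is applied last.
def applicable_pipeline_policies(policies_by_hierarchy, settings)
  limit = effective_limit(settings.pipeline_execution_policies_per_pipeline_limit)
  policies_by_hierarchy.first(limit).reverse
end

# Constructed sample input: seven PEPs, two of them disabled.
SAMPLE_POLICY_CONFIG = (1..7).map do |i|
  { name: "pep#{i}", enabled: i != 3 && i != 6 }
end.freeze

if __FILE__ == $PROGRAM_NAME
  settings = FakeSettings.new(per_configuration_limit: 3, per_pipeline_limit: 2)
  p active_pipeline_execution_policies(SAMPLE_POLICY_CONFIG, settings).map { |c| c[:name] }
  p applicable_pipeline_policies(%w[root-group subgroup project], settings)
  # An unset setting falls back to the default instead of raising TypeError.
  p active_pipeline_execution_policies(SAMPLE_POLICY_CONFIG, FakeSettings.new(per_configuration_limit: nil)).length
end
```

With a configuration limit of 3 the disabled `pep3` is skipped and `pep1`, `pep2`, `pep4` are kept; with a pipeline limit of 2 only the two highest policies survive and come back lowest-first. Setting the limit to 0 is honoured as "no policies apply", which is worth deciding explicitly when the validation for the new columns is written.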

Verification steps

TBD

Edited by Dominic Bauer