Show "New policy" button with explanatory tooltip when user lacks permissions
Problem Statement
Currently, when users don't have the necessary permissions to create a new security policy, the "New policy" button simply doesn't appear in the UI. This creates confusion as users don't understand why the button is missing or what steps they need to take to gain the ability to create policies.
Proposed Solution
Instead of hiding the "New policy" button entirely, display it with a disabled state and add a tooltip that explains:
- Why the user cannot create a policy
- What specific permissions or conditions are required
- Clear next steps the user can take to resolve the situation
Current Behavior
The "New policy" button is only visible at the project level when either:
- There is a linked security policy project (SPP) where policies can be stored
- There is no linked SPP, but the user has owner access
For users who don't meet these conditions, the button is completely hidden, providing no guidance on how to proceed.
Expected Behavior
- The "New policy" button should always be visible but appear disabled when the user lacks permissions
- Hovering over the disabled button should display a tooltip with context-specific guidance:
  - If no SPP exists: "You need owner access to create a security policy project. Contact a project owner or create policies at the group level if you have appropriate permissions there."
  - If SPP exists but user lacks permissions: "You need Maintainer or Owner access to the linked security policy project to create new policies."
- The tooltip should include a link to documentation about security policy projects and permission requirements
Business Value
This improvement will:
- Reduce user confusion and support requests
- Provide clear guidance for users to unblock themselves
- Improve the overall user experience by making the security policy creation workflow more transparent
- Support the broader initiative to simplify security policy management mentioned in the related discussions
Technical Considerations
- The tooltip content should be dynamic based on the specific reason the user cannot create a policy
- Consider adding a "Learn more" link in the tooltip that directs to relevant documentation
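The button-state logic described under Expected Behavior and Technical Considerations, as an added example that is not GitLab's own code: it maps the two blocking reasons to their tooltips and fails closed on unknown roles. The field names (`hasLinkedSpp`, `projectRole`, `sppRole`) and `DOCS_URL` are assumptions, not GitLab's real frontend model or docs path.

```javascript
// Added example, not GitLab's own code: derive the "New policy" button state
// and tooltip from the permission facts this issue describes. Field names
// (hasLinkedSpp, projectRole, sppRole) and DOCS_URL are assumptions.

const DOCS_URL = 'https://docs.example.invalid/security-policy-projects'; // placeholder

const TOOLTIPS = Object.freeze({
  NO_SPP_NEEDS_OWNER:
    'You need owner access to create a security policy project. Contact a project owner ' +
    'or create policies at the group level if you have appropriate permissions there.',
  SPP_NEEDS_MAINTAINER:
    'You need Maintainer or Owner access to the linked security policy project to create new policies.',
});

// Roles allowed to add policies to an existing SPP (as stated in the issue).
const SPP_WRITER_ROLES = new Set(['maintainer', 'owner']);

function resolveNewPolicyButton({ hasLinkedSpp, projectRole = null, sppRole = null }) {
  const enabled = { visible: true, disabled: false, reason: 'allowed', tooltip: null, docsUrl: null };
  const blocked = (reason, tooltip) => ({ visible: true, disabled: true, reason, tooltip, docsUrl: DOCS_URL });

  // No SPP linked: creating a policy means creating the SPP first, which
  // requires Owner access on the project itself.
  if (!hasLinkedSpp) {
    return String(projectRole).toLowerCase() === 'owner'
      ? enabled
      : blocked('no_spp_not_owner', TOOLTIPS.NO_SPP_NEEDS_OWNER);
  }

  // SPP linked: the user needs Maintainer or Owner on that SPP. A missing or
  // unrecognised role falls through to the disabled state (fail closed).
  if (SPP_WRITER_ROLES.has(String(sppRole).toLowerCase())) {
    return enabled;
  }
  return blocked('spp_insufficient_role', TOOLTIPS.SPP_NEEDS_MAINTAINER);
}

// This only decides what the UI renders. The server must still reject a create
// request from a user without the role; a disabled button is guidance, not enforcement.
```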
Related Issues
- This is related to the dogfooding of security policies (https://gitlab.com/gitlab-com/gl-security/product-security/appsec/appsec-team/-/issues/901#note_2385386798)
Edited by Alan (Maciej) Paruszewski
