[FE] Annotate group as "Compliance and security policy" group and policies with "instance policy" label

Description

Background

As part of the Phase I implementation for centralized management of security policies (Epic: Phase I: Centralized management of security policies in CSP), we need to enhance the UI to clearly identify groups designated as Compliance and Security Policy (CSP) groups and policies that are applied at the instance level.

Problem

Currently, when a group is designated as a CSP group or when policies are applied from the CSP level, there is no visual indication in the UI to distinguish these special designations. Users need a clear way to identify:

Which group is serving as the CSP group
Which policies are being applied from the instance level (CSP)

Proposal

This issue focuses on implementing frontend changes to:

Add visual indicators to groups designated as CSP groups, labeling them as "Compliance and security policy" groups
Add "instance policy" labels to policies that are applied from the CSP level
Update the "Source" column in policy lists to indicate when a policy is coming from the instance level

Requirements

Add a badge or label to groups designated as CSP groups in the group overview page
Add "instance policy" label to policies in the policy list that are applied from the CSP
Update the Source column in policy lists to display "Instance" for policies coming from the CSP
Ensure consistent styling with existing UI components
Implement appropriate tooltips to explain the significance of these labels

Acceptance Criteria

Groups designated as CSP groups display a "Compliance and security policy" badge/label
Policies applied from the CSP level display an "instance policy" label
The Source column in policy lists shows "Instance" for CSP-applied policies
All new UI elements follow GitLab design system guidelines
Appropriate tooltips are implemented to explain the purpose of these indicators

Implementation Notes

This work is part of the centralized security policies implementation, which allows instance admins to designate a group as a CSP group and apply policies from that group to other groups/projects across the instance.

Related Issues

Parent epic: Phase I: Centralized management of security policies in CSP
Design reference: CSP Design

Sources: Phase I: Centralized management of security policies in CSP

Edited May 11, 2025 by Alan (Maciej) Paruszewski