[Backend] Add source and target branches to branch_exceptions in rules

Why are we doing this work

MR approval policies ensure that code changes to protected/default branches are properly reviewed, do not contain vulnerabilities, and it's not possible to circumvent the secure/complaint workflow. However there are exception cases that disrupt day-to-day operations, such as GitFlow model where MRs are created from the default branch to a release branch.

If a merge request approval policy is specified in a top level group with prevent_approval_by_commit_author set to true, there is a case when users attempt to merge from certain branches to another, the eligible approvers approaches nil and it's challenging to get the merge completed. An exception for source branches could provide more flexibility for particular workflows. The flow here would involve requiring approvals on changes to main, but when users go to created a tagged release branch, such as release/v2, there are no longer any users (or very few users) available to approve the merge that haven't contributed. To mitigate this, users can determine the source and target branch and set an exception to allow for these scenarios.

As a part of this issue, we want to extend branch_exceptions in MR approval policy rules to support source and target branches too, something like:

approval_policy:
  - name: Any MR Rules
    rules:
      - type: any_merge_request
        branch_exceptions:
          - source:
              name: main
            target:
              name: release/v2
        commits: any
    actions:
      - type: require_approval

Relevant links

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

Verification steps