DB-level deadlock in AncestorsUpdateService
We've observed multiple PG::TRDeadlockDetected errors in the Security::AnalyzerNamespaceStatuses::AncestorsUpdateService (Sentry issue).
The root cause is likely that multiple background workers are concurrently executing upsert operations on the same analyzer_namespace_statuses record for the upper namespaces in the tree, resulting in lock contention and deadlocks when updating overlapping namespace/analyzer_type combinations.
This appears to be related to a recent incident that may have increased the number of concurrent workers processing namespace status updates together.
To fix this, we should consider adding an exclusive lock based on the root_namespace.
Edited by Gal Katz
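
The proposed fix, sketched as an added Ruby example (not GitLab's code and not part of the original issue): workers that lock the same ancestor rows in opposite orders first take one exclusive lock keyed by the root namespace. The tree, the row-lock model, the opposite lock orders and the helper names are assumptions made for illustration, and the in-process Mutex stands in for a cross-process lock.

```ruby
# Constructed namespace tree: id => parent id (nil marks the root).
PARENTS = { 1 => nil, 2 => 1, 3 => 2, 4 => 2 }.freeze

# Simulated row locks and counters for analyzer_namespace_statuses rows,
# keyed by [namespace_id, analyzer_type]. Constructed data, not GitLab's schema.
ROW_LOCKS  = Hash.new { |h, k| h[k] = Mutex.new }
ROOT_LOCKS = Hash.new { |h, k| h[k] = Mutex.new }
COUNTS     = Hash.new(0)
REGISTRY   = Mutex.new # guards lazy creation of the mutexes above

# Ancestors of a namespace, nearest first, ending at the root.
def ancestors(id)
  chain = []
  chain << id while (id = PARENTS[id])
  chain
end

# Hypothetical helper: serialise all work on one tree behind a single lock.
# A real deployment needs a lock shared across worker processes.
def with_root_lock(namespace_id)
  root = ancestors(namespace_id).last || namespace_id
  REGISTRY.synchronize { ROOT_LOCKS[root] }.synchronize { yield }
end

# Lock every ancestor row in the given order and hold all of them until the
# update is done, the way a multi-row upsert holds row locks until commit.
def update_ancestors(namespace_id, analyzer_type, reverse: false)
  rows = ancestors(namespace_id).map { |id| [id, analyzer_type] }
  rows.reverse! if reverse
  with_root_lock(namespace_id) do
    held = rows.map do |row|
      Thread.pass # invite interleaving between row-lock acquisitions
      REGISTRY.synchronize { ROW_LOCKS[row] }.tap(&:lock)
    end
    rows.each { |row| COUNTS[row] += 1 }
    held.each(&:unlock)
  end
end

# Pairs of workers touch the same ancestor rows in opposite orders. Without
# with_root_lock that ordering can deadlock; with it, every worker finishes.
def run_workers(pairs = 10)
  COUNTS.clear
  threads = (1..pairs).flat_map do
    [Thread.new { update_ancestors(3, :sast) },
     Thread.new { update_ancestors(4, :sast, reverse: true) }]
  end
  threads.each { |t| t.join(5) or raise "worker stuck" }
  COUNTS.dup
end
```

Sorting the rows into one consistent order before the upsert would remove the lock-order cycle as well, without serialising the whole tree.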