Fix updating projects for CSP frameworks
Fixes up the scope that is checked when a framework is assigned to a project. Currently you are not allowed to assign a framework from another namespace to a project; this change allows you to assign frameworks from the CSP Group to another group's projects.
How to set up and validate locally
Ensure you have a local setup with an Ultimate license and at least two top-level groups.
Set up a group with the CSP flag.
- Enable the feature flags:
  Feature.enable(:security_policies_csp)
  Feature.enable(:include_csp_frameworks)
- Create a top-level group and assign it as a CSP using rails console:
  Security::PolicySetting.instance.update! csp_namespace: Group.find(<group_id>)
Now navigate to your CSP Group (example for gitlab-org/gitlab-test), go to the Compliance Frameworks page and create a new framework, making sure to supply at least a name, description and color.
Now navigate to a non-CSP Group that would have that framework inherited, making sure that you have at least one project created. Click on edit framework; from the edit screen, go down to projects and assign a project to the CSP framework.