Prevent triggers from rewriting group_push_rules table

Context

db/migrate/20250516111904_create_group_push_rules_sync_triggers.rb populates and synchronizes the group_push_rules table with push_rules data. This could cause problems if the trigger fires while the Read and write operations for group_push_rules ... (!206152 - merged) is enabled, since the group_push_rules table can be populated with stale data from push_rules.

Proposal

Create a new migration and modify the triggers to prevent them from being executed by adding a timestamp condition. Something like the following (untested code):

class AddTimestampCheckToGroupPushRulesTrigger < Gitlab::Database::Migration[2.3]
  def up
    execute <<~SQL
      CREATE OR REPLACE FUNCTION sync_group_push_rules()
      RETURNS TRIGGER AS $$
      DECLARE
        target_record RECORD;
      BEGIN
        -- Check if there's an existing record in group_push_rules
        SELECT * INTO target_record FROM group_push_rules 
        WHERE group_id = NEW.group_id;
        
        -- Only sync if:
        -- 1. No record exists in group_push_rules, OR
        -- 2. The push_rules record is newer than the group_push_rules record
        IF target_record IS NULL OR NEW.updated_at > target_record.updated_at THEN
          -- Insert the existing sync logic here
          -- (Keep all the original logic for creating/updating records)
        END IF;
        
        RETURN NEW;
      END;
      $$ LANGUAGE plpgsql;
    SQL
  end