Any eligible user can approve merge request with full approval count
Summary
Any eligible user (where the user does not belong to the set of explicit approvers) can add their approval to a merge request that already has the required number of approvals.
Steps to reproduce
- Create a new project
- Add user A and user B as members
- In the project's merge request settings, add user A as an explicit approver and set the number of approvers required to 1
- Create a new merge request
- Approve this merge request using user A
- Add another approval to this merge request using user B
Screenshot
- Logged in user is not an explicit approver
- Number of approvals required is 1
What is the current bug behavior?
User B is able to approve the merge request even though they are not in the set of explicit approvers.
What is the expected correct behavior?
User B should not be able to approve the merge request.
Edited by Ghost User
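The reproduction steps above, replayed against a small Ruby model as an added example (this is not GitLab's code and not part of the original report). The class, method names and user names are hypothetical, and the rule in `expected_rule?` is an assumption about the intended check: explicit approvers may approve, other members only when open approval slots exceed the explicit approvers still pending.

```ruby
require 'set'

# Constructed model of the approval check described in this report (not GitLab's code).
class ApprovalModel
  attr_reader :approved_by

  def initialize(members:, explicit_approvers:, approvals_required:)
    @members = Set.new(members)
    @explicit = Set.new(explicit_approvers)
    @required = approvals_required
    @approved_by = Set.new
  end

  # Number of approvals still missing, never negative.
  def approvals_left
    [@required - @approved_by.size, 0].max
  end

  # Reported behaviour: any member who has not approved yet is accepted.
  def reported_rule?(user)
    @members.include?(user) && !@approved_by.include?(user)
  end

  # Expected behaviour (assumed rule): explicit approvers may approve; other
  # members only when open slots exceed the explicit approvers still pending.
  def expected_rule?(user)
    return false unless reported_rule?(user)
    return true if @explicit.include?(user)

    pending_explicit = (@explicit - @approved_by).size
    approvals_left > pending_explicit
  end

  # Records the approval only if the chosen rule allows it.
  def approve(user, rule)
    allowed = public_send(rule, user)
    @approved_by << user if allowed
    allowed
  end
end

# Replays the report's steps: user A (explicit) approves, then user B tries.
def replay(rule)
  mr = ApprovalModel.new(members: %w[user_a user_b],
                         explicit_approvers: %w[user_a],
                         approvals_required: 1)
  { a: mr.approve('user_a', rule), b: mr.approve('user_b', rule),
    approved_by: mr.approved_by.to_a, left: mr.approvals_left }
end
```

`replay(:reported_rule?)` ends with both users recorded as approvers, while `replay(:expected_rule?)` rejects user B once user A's approval has satisfied the requirement.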
