
Adapt MR widget to support fail-closed approval rules

What does this MR do and why?

This MR depends on the backend MR: !116969 (merged).

It updates the UI of the MR widget to support the new fail-closed rules from Security & Compliance policies (feature flag :invalid_scan_result_policy_prevents_merge, disabled by default). It gives users a better explanation of the rule status and helps them differentiate between fail-open rules (currently the default: invalid rules are auto-approved) and fail-closed rules (only applicable to Security Policy rules).

Screenshots or screen recordings

  • Before [screenshot]

  • After [screenshot]

  • Auto approved popover [screenshot]

  • Action required popover [screenshot]

  • When FF :invalid_scan_result_policy_prevents_merge from backend MR is disabled [screenshot]

How to set up and validate locally

  1. Backend changes are required to validate locally: !116969 (merged)
  2. Enable the new feature flag:
    Feature.enable(:invalid_scan_result_policy_prevents_merge)
  3. Create a new security policy with secret detection and require approval from one user
  4. Configure with merge request & Merge
  5. Open an MR which adds a leaked secret, thus violating the policy
  6. Block the user used in the security policy
  7. Add an approval rule on the MR to verify the fail-open state, using the same blocked user as the approver [screenshot]
  8. The MR widget should display (!) Action required for the Security Policy rule and (!) Auto approved for the other approval rule
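An example of the kind of policy step 3 asks for, added here to make the scenario concrete; it is not part of this MR or the page, and the policy name, branch and approver username are assumed values. With the feature flag enabled, a rule whose only approver is blocked can no longer be satisfied, so the widget shows it as "Action required" instead of auto-approving it.

```yaml
# Constructed example: scan result policy requiring one approval when
# secret detection reports a new finding on the MR.
scan_result_policy:
  - name: Require approval on leaked secrets   # assumed name
    description: Fail-closed approval for new secret detection findings
    enabled: true
    rules:
      - type: scan_finding
        branches:
          - main                               # assumed target branch
        scanners:
          - secret_detection
        vulnerabilities_allowed: 0
        severity_levels:
          - critical
          - high
        vulnerability_states:
          - newly_detected
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers:
          - policy.approver                    # assumed username; block this user in step 6
```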

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #389905 (closed)

Edited by Martin Čavoj
