
Add scan_result_policies to Approval Rule GraphQL

Sashi Kumar Kumaresan requested to merge sk/420335-update-graphql into master

What does this MR do and why?

This change adds the associated scan result policies to the MR approval rule GraphQL type. This is needed to show tooltip text as mentioned in this design: #420335 (comment 1505704761)

The frontend MR that uses this graphql query: !130286 (merged)

GraphQL Query
query {
  project(fullPath: "root/test-419789") {
    mergeRequest(iid: "9") {
      approvalState {
        rules {
          id
          scanResultPolicies {
            reportType
          }
        }
      }
    }
  }
}

Database

Query

SELECT
    "approval_merge_request_rules"."report_type", "approval_merge_request_rules"."name", "approval_merge_request_rules"."approvals_required" 
FROM
    "approval_merge_request_rules" 
WHERE
    "approval_merge_request_rules"."merge_request_id" = 240280885 
    AND "approval_merge_request_rules"."security_orchestration_policy_configuration_id" = 21753
    AND "approval_merge_request_rules"."orchestration_policy_idx" = 0

Query Plan

 Index Scan using approval_mr_rule_index_merge_request_id on public.approval_merge_request_rules  (cost=0.57..3.77 rows=1 width=16) (actual time=17.408..18.460 rows=2 loops=1)
   Index Cond: (approval_merge_request_rules.merge_request_id = 240280885)
   Filter: ((approval_merge_request_rules.security_orchestration_policy_configuration_id = 21753) AND (approval_merge_request_rules.orchestration_policy_idx = 0))
   Rows Removed by Filter: 1
   Buffers: shared hit=1 read=9 dirtied=3
   I/O Timings: read=18.147 write=0.000

Time: 21.486 ms
  - planning: 2.937 ms
  - execution: 18.549 ms
    - I/O read: 18.147 ms
    - I/O write: 0.000 ms

Shared buffers:
  - hits: 1 (~8.00 KiB) from the buffer pool
  - reads: 9 (~72.00 KiB) from the OS file cache, including disk I/O
  - dirtied: 3 (~24.00 KiB)
  - writes: 0

Screenshots or screen recordings

[Screenshot attached to the MR, not reproduced here: Screenshot_2023-10-19_at_6.20.31_PM]

How to set up and validate locally

  1. Create a scan result policy that contains both license_finding and scan_finding rules in the same policy:
     type: scan_result_policy
     name: Scan Result Policy rule
     description: ''
     enabled: true
     rules:
       - type: license_finding
         match_on_inclusion: true
         license_types:
           - GNU General Public License v2.0 or later
           - GNU Affero General Public License v3.0
         license_states:
           - newly_detected
         branches:
           - main
       - type: scan_finding
         scanners:
           - dependency_scanning
           - dast
           - sast
         vulnerabilities_allowed: 0
         severity_levels:
           - critical
         vulnerability_states:
           - newly_detected
         branches:
           - main
     actions:
       - type: require_approval
         approvals_required: 1
         group_approvers_ids:
           - 22
  2. Create an MR with some random changes.
  3. Go to http://gdk.test:3000/-/graphql-explorer, execute the query from the description, and verify that reportType contains both SCAN_FINDING and LICENSE_SCANNING.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Addresses #420335 (closed)

Edited by Sashi Kumar Kumaresan
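To automate the "validate locally" step instead of pasting the query into the GraphQL explorer, here is an added example in Python; it is not part of this MR or of GitLab's code base. It sends the same selection set as the query in the description over the GraphQL API, but with GraphQL variables instead of interpolating fullPath and iid into the query string, then reports which approval rules expose both SCAN_FINDING and LICENSE_SCANNING. The endpoint default, the environment variable names, the bearer-token header, and the embedded sample response are assumptions made for illustration.

```python
"""Added example (not code from the MR or from GitLab): run the approvalState
query from the MR description against a GitLab instance and check that a
policy-created approval rule exposes both SCAN_FINDING and LICENSE_SCANNING
report types. Endpoint/token handling and the sample response are assumptions."""
import json
import os
import urllib.request
from typing import Dict, List, Set

# Same selection set as the query in the MR description, but parameterised with
# GraphQL variables so fullPath/iid are never spliced into the query string.
APPROVAL_RULES_QUERY = """
query ApprovalRuleReportTypes($fullPath: ID!, $iid: String!) {
  project(fullPath: $fullPath) {
    mergeRequest(iid: $iid) {
      approvalState {
        rules {
          id
          scanResultPolicies {
            reportType
          }
        }
      }
    }
  }
}
"""

# Report types the validation steps expect for a policy with both rule types.
EXPECTED_REPORT_TYPES = {"SCAN_FINDING", "LICENSE_SCANNING"}


def report_types_by_rule(response: dict) -> Dict[str, Set[str]]:
    """Map each approval rule id to the reportType values of its scan result policies.

    Fails loudly instead of returning an empty mapping when the API reported
    errors or the project/MR is missing (or hidden by authorisation), since a
    silent empty result would let the check below pass vacuously.
    """
    if response.get("errors"):
        raise ValueError("GraphQL errors: " + json.dumps(response["errors"]))
    project = (response.get("data") or {}).get("project")
    if project is None:
        raise ValueError("project not found or not visible to this token")
    merge_request = project.get("mergeRequest")
    if merge_request is None:
        raise ValueError("merge request not found or not visible to this token")
    rules = (merge_request.get("approvalState") or {}).get("rules") or []
    return {
        rule["id"]: {policy["reportType"] for policy in rule.get("scanResultPolicies") or []}
        for rule in rules
    }


def rules_with_expected_report_types(response: dict) -> List[str]:
    """Ids of rules whose policies cover every report type in EXPECTED_REPORT_TYPES."""
    return sorted(
        rule_id
        for rule_id, types in report_types_by_rule(response).items()
        if EXPECTED_REPORT_TYPES <= types
    )


def post_graphql(endpoint: str, token: str, query: str, variables: dict) -> dict:
    """POST a GraphQL request, authenticating with a personal access token as a bearer token."""
    body = json.dumps({"query": query, "variables": variables}).encode()
    request = urllib.request.Request(
        endpoint,
        data=body,
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(request, timeout=15) as http_response:
        return json.load(http_response)


# Constructed sample response (not captured from a real instance): rule 1 was
# created by the policy from the validation steps, rule 2 is an ordinary rule.
SAMPLE_RESPONSE = {
    "data": {"project": {"mergeRequest": {"approvalState": {"rules": [
        {"id": "gid://gitlab/ApprovalMergeRequestRule/1",
         "scanResultPolicies": [{"reportType": "LICENSE_SCANNING"},
                                {"reportType": "SCAN_FINDING"}]},
        {"id": "gid://gitlab/ApprovalMergeRequestRule/2",
         "scanResultPolicies": []},
    ]}}}}
}

if __name__ == "__main__":
    # Assumed environment: GITLAB_GRAPHQL_URL (defaults to the GDK endpoint) and
    # GITLAB_TOKEN; project path and MR iid are those used in the MR description.
    endpoint = os.environ.get("GITLAB_GRAPHQL_URL", "http://gdk.test:3000/api/graphql")
    token = os.environ["GITLAB_TOKEN"]
    variables = {"fullPath": "root/test-419789", "iid": "9"}
    response = post_graphql(endpoint, token, APPROVAL_RULES_QUERY, variables)
    for rule_id, types in report_types_by_rule(response).items():
        print(rule_id, sorted(types))
    matching = rules_with_expected_report_types(response)
    print("rules exposing both report types:", matching or "none")
```

The parsing deliberately raises on a GraphQL error payload or a null project/mergeRequest rather than returning an empty mapping, so a token without access to the project cannot make the check look like "no policy rules" instead of "not authorised".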
