Add scan result policy access check

What does this MR do and why?

This MR disables force-pushes to projects affected by at least one active scan result policy. The presence of a policy also overrides the "Allowed to force push" option of protected branches.

How to set up and validate locally

• Create a new project and toggle the feature flag:

  Feature.enable(:scan_result_policies_block_force_push, Project.last)

• Clone the repository locally, amend the initial commit, and verify you can force-push the amended commit

• Navigate to Settings > Repository, expand the Protected branches section and enable the Allowed to force push toggle for the default branch

• Navigate to Secure > Policies and create any scan result policy targeting the default branch, e.g.:

  name: Test
  description: ''
  enabled: true
  rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: []
    branch_type: protected
  actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
    - 1
  approval_settings:
    block_protected_branch_modification:
      enabled: true

• Verify you can no longer force-push to the default branch and see the error message output:

  Writing objects: 100% (3/3), 2.84 KiB | 2.84 MiB/s, done.
  Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
  remote: GitLab: Force push is blocked by settings overridden by a security policy
  To http://gdk.test:3000/root/small-shape-7315
   ! [remote rejected] main -> main (pre-receive hook declined)
  error: failed to push some refs to 'http://gdk.test:3000/root/small-shape-7315'

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

Related to #420629 (closed)