Apply project approval settings without approver rules

What does this MR do and why?

This MR depends on !133946 (merged) and focuses on fixing the overrides of project approval settings. It also stops creating approval rules for policies which don't define any actions / approvers. It changes how violations are generated for any_merge_request rules so that the project approval settings can be applied on the MR even without approval rules.

It also fixes a situation when a policy targeting unsigned commits doesn't get properly applied after MR with unsigned commits is created.

Screenshots or screen recordings

It applies the approval settings even if there is no approval rule. After changing the policy settings in the DB, "Approve" button becomes available.

CleanShot_2023-10-12_at_17.21.41

How to set up and validate locally

1. In rails console enable the feature flag

   Feature.enable(:scan_result_any_merge_request)

2. Create a policy targeting unsigned commits. Go to Policies -> New scan result policy -> .yaml mode. Example YAML:

   type: scan_result_policy
   name: No actions
   description: ''
   enabled: true
   rules:
     - type: any_merge_request
       branch_type: protected
       commits: any
   approval_settings:
     block_protected_branch_modification: true
     prevent_approval_by_author: true
     prevent_approval_by_commit_author: true
     remove_approvals_with_new_commit: true
     require_password_to_approve: true

3. Go to Settings -> Merge requests -> Disable "Prevent approval by author"
4. Create MR
5. Verify the approval is blocked
6. Go to the policy and set enabled: false & Configure with merge request & Merge
7. The "Approve" button should become available

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

Related to #418752 (closed)