Unblock fail-open `license_scanning` rules without target pipeline

What does this MR do and why?

Unblocks fail-open license_scanning rules when the MR target branch lacks Dependency Scanning (#456115 (closed)).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  • Create a new project and enable the feature flag:

    Feature.enable(:merge_request_approval_policies_fallback_behavior, Project.last)
  • Add a second Owner member to the project.

  • Navigate to Secure > Policies and create the following approval policies:

    type: approval_policy
    name: Deny MIT Fail Open
    enabled: true
    fallback_behavior:
      fail: open
    rules:
    - type: license_finding
      match_on_inclusion: true
      license_types:
      - MIT
      license_states:
      - newly_detected
      branch_type: protected
    actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - owner

    type: approval_policy
    name: Deny MIT Fail Closed
    enabled: true
    rules:
    - type: license_finding
      match_on_inclusion: true
      license_types:
      - MIT
      license_states:
      - newly_detected
      branch_type: protected
    actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - owner
  • Create a new MR that adds the following files:

    • Gemfile.lock:

      GEM
        remote: https://rubygems.org/
        specs:
          rack (3.0.10)
      
      PLATFORMS
        arm64-darwin-22
        ruby
      
      DEPENDENCIES
        rack
      
      BUNDLED WITH
         2.5.4
    • .gitlab-ci.yml

      include:
        - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  • Verify that only the Deny MIT Fail Closed rule requires approval.

  • Disable the feature flag and push an unrelated file to the MR source branch, then verify that both rules require approval.
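The following Ruby snippet is an added illustrative model of the behaviour the steps above verify; it is not GitLab's implementation. It loads the two policies from the steps and shows how `fallback_behavior` and the feature flag decide whether a `license_finding` rule still demands approval when the target branch has no Dependency Scanning report. The helper names and the `violation_found:` parameter (the outcome of a normal rule evaluation) are assumptions.

```ruby
require 'yaml'

# Constructed copy of the "Deny MIT Fail Open" policy from the validation steps above.
FAIL_OPEN_YAML = <<~YAML
  type: approval_policy
  name: Deny MIT Fail Open
  enabled: true
  fallback_behavior:
    fail: open
  rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
    - MIT
    license_states:
    - newly_detected
    branch_type: protected
  actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - owner
YAML

FAIL_OPEN = YAML.safe_load(FAIL_OPEN_YAML).freeze
# "Deny MIT Fail Closed" differs only in having no fallback_behavior, so it keeps blocking.
FAIL_CLOSED = FAIL_OPEN.merge('name' => 'Deny MIT Fail Closed')
                       .tap { |p| p.delete('fallback_behavior') }.freeze

# With a Dependency Scanning report on the target branch the rule is evaluated normally;
# without one it cannot be evaluated and the policy's fallback applies. Fail-open only
# unblocks the MR once the feature flag is enabled (legacy behaviour: still block).
def rule_requires_approval?(policy, target_has_dependency_scanning:, violation_found:,
                            fallback_flag_enabled: true)
  return violation_found if target_has_dependency_scanning

  fail_open = policy.dig('fallback_behavior', 'fail') == 'open'
  !(fallback_flag_enabled && fail_open)
end

# Number of approvals the policy adds to the MR (0 when the rule is unblocked).
def approvals_required(policy, **context)
  return 0 unless policy['enabled']
  return 0 unless policy['rules'].any? { |r| r['type'] == 'license_finding' }
  return 0 unless rule_requires_approval?(policy, **context)

  policy['actions'].select { |a| a['type'] == 'require_approval' }
                   .sum { |a| a['approvals_required'] }
end
```

With the flag enabled and no report on the target branch, `approvals_required` returns 0 for the fail-open policy and 1 for the fail-closed one, matching the verification step; with the flag disabled both return 1.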

Related to #451784 (closed), #456115 (closed)

Edited by Dominic Bauer