Pipeline execution policy foundation

What does this MR do and why?

This is a Pipeline execution policy PoC that uses dry run to evaluate policy pipelines and merge them into the project pipeline. Policy stages that are not defined in main pipeline will be ignored. In the follow-up, we will add reserved stages which will be injected and adding jobs to these stages will be guaranteed to work.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Policy jobs are merged to the project pipeline:

CleanShot_2024-04-19_at_17.40.43

Error handling - when there's an error in the PEP:

How to set up and validate locally

1. Enable the feature flag echo "Feature.enable(:pipeline_execution_policy_type)" | rails c
2. Create two new projects. One for testing and one as the security policy project
3. On the testing projects left sidebar, select Security & Compliance and Policies
4. Select Edit policy project
5. Select your security policy project and Save
6. On you security policy project, create a new file .gitlab/security-policies/policy.yml with content:

   ---
   pipeline_execution_policy:
   - name: test_pipeline_execution
     description: hey
     enabled: true
     content:
       policy test job:
         stage: test
         script:
         - echo "Hello World"

7. Add a simple .gitlab-ci.yml to the project:

   project job:
     stage: test
     script:
     - echo "Project job."

8. Start a pipeline. It should contain the policy test job defined in the pipeline execution policy.

Related to #441252 (closed) and #455261 (closed).