Run pipelines for GitHub pull requests

What does this MR do?

This MR introduces support for only/except: external_pull_requests when using the project for CI/CD only with a GitHub repository. When using only/except: external_pull_requests we allow jobs to be created for a pipeline if a GitHub pull request is open for the given ref.

This MR is an alternative approach to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31289

When using a mirror for CI/CD only we register a pull_request webhook. When a pull_request webhook is received for the pull request being created, if the repository already contains the SHA related to the pull request, we create immediately a new pipeline. Otherwise we store the pull request info for when changes are pushed to branches. When changes are pushed to branches we check if any pull requests are opened for the given ref and create pipelines for pull requests.

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/65139

CE port: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/31802

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation created/updated or follow-up review issue created
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Performance and testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team

End-To-End test

• create new project as CI/CD for external repo
• select GitHub as option
• import repository
• ensure that on GitHub both push and pull_request webhooks are registered
• GitHub integration should also be active
• add a .gitlab-ci.yml on GitHub repository containg

always-run:
  script: echo 'this should always run'
  
on-pull-requests:
  script: echo 'this should run on pull requests'
  only:
    - external_pull_requests

except-pull-requests:
  script: echo 'this should not run on pull requests'
  except:
    - external_pull_requests

• push changes to a new branch
• if push webhook updates the mirror we should see a pipeline creating jobs always-run and except-pull-requests
• open a pull request on GitHub
• if pull request webhook is sent we should see a pipeline creating jobs always-run and only-pull-requests
• when pushing new changes to the same branch we should see a pipeline created with always-run and only-pull-requests jobs for as long as the pull request remains open
• close the pull request, should not trigger any pipelines
• when pushing new changes to the same branch, this time, we should see a pipeline with always-run and except-pull-requests

TODO

• always update ExternalPullRequest on pull request webhook as the source/target sha may change
• if push and pull_request webhooks are sent together but