Add metadata to security policies

What does this MR do and why?

This MR adds metadata to security policies to allow us to store custom key-value pairs that can help us identify, i.e., the source of a given policy. Initially we want to test if we can use it to mark policies as created as part of the migration from Compliance Pipelines.

For now, we will not update the documentation; even though users will be able to use it, we do not want to guarantee that it will be like this in the long term. We need to understand if this is efficient and performs well.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Migration Output

main: == [advisory_lock_connection] object_id: 142400, pg_backend_pid: 13868
main: == 20240815102415 AddMetadataColumnToSecurityPolicies: migrating ==============
main: -- add_column(:security_policies, :metadata, :jsonb, {:default=>{}, :null=>false})
main:    -> 0.0056s
main: == 20240815102415 AddMetadataColumnToSecurityPolicies: migrated (0.0146s) =====

How to set up and validate locally

  • Create a security policy for a project/group with metadata by going to .yaml mode in the policy editor
type: scan_execution_policy
name: Test Policy
description: ''
enabled: true
metadata:
  test: true
rules:
  - type: pipeline
    branches:
      - '*'
actions:
  - scan: secret_detection
  • Now try to update metadata with invalid values, like a nested object, and observe the error:
metadata:
  test: 
    test: true
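As an added example (not code from this MR or from GitLab), a small Ruby check that reproduces the validation step above: it parses a policy YAML document and rejects a `metadata` field that is not a flat key-value map. The scalar-only rule for values is an assumption; the MR text only states that a nested object is rejected.

```ruby
require 'yaml'

# Assumption (not from the MR): metadata values must be scalars. Any nested
# Hash or Array is reported as an error, matching the "nested object" step.
SCALAR_TYPES = [String, Integer, Float, TrueClass, FalseClass, NilClass].freeze

# Returns an array of error strings; an empty array means the metadata is valid.
def validate_policy_metadata(policy_yaml)
  policy = YAML.safe_load(policy_yaml)
  metadata = policy.fetch('metadata', {})
  return ['metadata must be an object'] unless metadata.is_a?(Hash)

  metadata.filter_map do |key, value|
    next "metadata.#{key}: keys must be strings" unless key.is_a?(String)
    next "metadata.#{key}: nested objects are not allowed" if value.is_a?(Hash)
    next "metadata.#{key}: arrays are not allowed" if value.is_a?(Array)
    next "metadata.#{key}: unsupported value type #{value.class}" unless SCALAR_TYPES.any? { |t| value.is_a?(t) }

    nil
  end
end

# Constructed inputs: the valid policy from the steps above, and the same
# policy with the nested `metadata.test.test` object that should be rejected.
VALID_POLICY = <<~YAML
  type: scan_execution_policy
  name: Test Policy
  description: ''
  enabled: true
  metadata:
    test: true
  rules:
    - type: pipeline
      branches:
        - '*'
  actions:
    - scan: secret_detection
YAML

INVALID_POLICY = VALID_POLICY.sub("metadata:\n  test: true\n", "metadata:\n  test:\n    test: true\n")

puts "valid policy errors:   #{validate_policy_metadata(VALID_POLICY).inspect}"
puts "invalid policy errors: #{validate_policy_metadata(INVALID_POLICY).inspect}"
```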

Related to #479284 (closed)

Edited by Sashi Kumar Kumaresan
