Add branch exceptions to bypass_settings in MR approval policy

What does this MR do and why?

This MR moves the branch_exceptions from the rules section of a policy to bypass_settings to stay consistent with the UI design. Branch exceptions was initially added in !191829 (merged) behind approval_policy_branch_exceptions FF, so updating the policy schema will not break existing policies.

References

• &14090 (comment 2557423748)

Screenshots or screen recordings

Before	After

How to set up and validate locally

• Create a project
• Create an MR approval policy by editing in the YAML editor:

approval_policy:
  - name: Any MR Rules
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - maintainer
      - type: send_bot_message
        enabled: true
    approval_settings:
      block_branch_modification: true
      prevent_pushing_and_force_pushing: true
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: true
      remove_approvals_with_new_commit: true
      require_password_to_approve: false
    fallback_behavior:
      fail: closed
    bypass_settings:
      branches:
        - source:
            name: release
          target:
            name: main

• Enable approval_policy_branch_exceptions feature flag for the security policy project
• Create a branch (release)
• Create an MR with release as the source branch and main as the target branch and observe that the approval is not required
• Create an MR with another branch and observe that the approval is required

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.