Generate an audit event if policy limits are exceeded

What does this MR do and why?

Record an audit event when security policy limits are exceeded.

References

Related to #550891 (closed)

Screenshot

(screenshot not reproduced in this extraction)

How to set up and validate locally

1. Enable the feature flag in the Rails console:

   ```ruby
   Feature.enable(:collect_policies_limit_audit_events)
   ```

2. Switch to admin mode and set up audit event streaming.

3. Set up a project with security policies exceeding the allowed policy limit.

4. Make any change to the policy project and wait for `Security::PersistSecurityPoliciesWorker` to execute.

   - Alternatively, execute the worker with the configuration ID from the Rails console:

     ```ruby
     # project_path is the full path of the project, e.g. "gitlab-org/policy-limit"
     @project = Project.find_by_full_path(project_path)
     @configuration = @project.security_orchestration_policy_configuration
     Security::PersistSecurityPoliciesWorker.new.perform(@configuration.id)
     ```

5. Wait for the `CollectPoliciesLimitAuditEventsWorker` worker to execute, then verify that an audit event of type `policies_limit_exceeded` is recorded.

Example Audit Event JSON

```json
{
  "id": 751,
  "author_id": 1,
  "entity_id": 28,
  "entity_type": "Project",
  "details": {
    "policy_type": "pipeline_execution_policy",
    "policy_type_limit": 5,
    "policies_count": 8,
    "skipped_policies_count": 3,
    "active_policy_names": [
      "PEP 8",
      "PEP",
      "PEP 2",
      "PEP 3",
      "PEP 4"
    ],
    "skipped_policy_names": [
      "PEP 5",
      "PEP 6",
      "PEP 7"
    ],
    "security_policy_project_commit_sha": "997230b9bac15269a837e6d2467197cb93d80529",
    "security_policy_management_project_id": 28,
    "security_orchestration_policy_configuration_id": 17,
    "security_policy_configured_at": "2025-07-01T17:21:04.037Z",
    "event_name": "policies_limit_exceeded",
    "author_name": "Administrator",
    "author_class": "User",
    "target_id": 28,
    "target_type": "Project",
    "target_details": "Policy Limit",
    "custom_message": "Policies limit exceeded for 'Pipeline execution policy' type. Only the first 5 enabled policies will be applied",
    "ip_address": "172.16.123.1",
    "entity_path": "gitlab-org/policy-limit"
  },
  "ip_address": "172.16.123.1",
  "author_name": "Administrator",
  "entity_path": "gitlab-org/policy-limit",
  "target_details": "Policy Limit",
  "created_at": "2025-07-01T17:21:04.282Z",
  "target_type": "Project",
  "target_id": 28,
  "event_type": "policies_limit_exceeded"
}
```
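The JSON above is what an audit event streaming destination receives. As an added example (not code from this MR or from GitLab), the following Ruby script shows a consumer-side check a SIEM ingest or alerting job could run on such an event: it parses the streamed `policies_limit_exceeded` event, verifies that the counts and policy name lists are internally consistent, and produces a one-line summary naming the policies that were silently not applied. It uses only the Ruby standard library; the embedded event is the MR's sample trimmed to the fields the check reads, and the `check_policies_limit_event` / `summary_line` names are this example's own.

```ruby
require 'json'

# Constructed sample: the policies_limit_exceeded event from the MR description,
# trimmed to the fields this check reads.
SAMPLE_EVENT = <<~EVENT
  {
    "id": 751,
    "entity_type": "Project",
    "entity_path": "gitlab-org/policy-limit",
    "event_type": "policies_limit_exceeded",
    "created_at": "2025-07-01T17:21:04.282Z",
    "details": {
      "policy_type": "pipeline_execution_policy",
      "policy_type_limit": 5,
      "policies_count": 8,
      "skipped_policies_count": 3,
      "active_policy_names": ["PEP 8", "PEP", "PEP 2", "PEP 3", "PEP 4"],
      "skipped_policy_names": ["PEP 5", "PEP 6", "PEP 7"],
      "security_policy_project_commit_sha": "997230b9bac15269a837e6d2467197cb93d80529",
      "event_name": "policies_limit_exceeded",
      "custom_message": "Policies limit exceeded for 'Pipeline execution policy' type. Only the first 5 enabled policies will be applied"
    }
  }
EVENT

# Parse one streamed audit event and check the invariants a well-formed
# policies_limit_exceeded event must satisfy. Returns a hash with :ok, an
# :errors list, and the fields a responder needs: which project, which policy
# type, and which policies were skipped because the limit was exceeded.
def check_policies_limit_event(raw)
  event = JSON.parse(raw)
  unless event['event_type'] == 'policies_limit_exceeded'
    return { ok: false, errors: ["unexpected event_type #{event['event_type'].inspect}"] }
  end

  details = event['details']
  return { ok: false, errors: ['details missing'] } unless details.is_a?(Hash)

  limit, count, skipped = details.values_at('policy_type_limit', 'policies_count', 'skipped_policies_count')
  return { ok: false, errors: ['numeric policy fields missing'] } unless [limit, count, skipped].all?(Integer)

  active_names  = Array(details['active_policy_names'])
  skipped_names = Array(details['skipped_policy_names'])
  errors = []
  # The event only makes sense if more policies exist than the limit allows.
  errors << "policies_count #{count} does not exceed limit #{limit}" unless count > limit
  # Skipped count must equal the overflow, and both name lists must match their counts.
  errors << "skipped_policies_count #{skipped} != #{count - limit}" unless skipped == count - limit
  errors << "active_policy_names has #{active_names.size} entries, expected #{limit}" unless active_names.size == limit
  errors << "skipped_policy_names has #{skipped_names.size} entries, expected #{skipped}" unless skipped_names.size == skipped
  # A policy cannot be both applied and skipped.
  overlap = active_names & skipped_names
  errors << "names both active and skipped: #{overlap.join(', ')}" unless overlap.empty?
  errors << 'details.event_name differs from event_type' unless details['event_name'] == event['event_type']

  {
    ok: errors.empty?,
    errors: errors,
    project: event['entity_path'],
    policy_type: details['policy_type'],
    limit: limit,
    skipped_policies: skipped_names,
    commit_sha: details['security_policy_project_commit_sha']
  }
end

# One-line summary suitable for an alert or ticket title.
def summary_line(result)
  return "INVALID policies_limit_exceeded event: #{result[:errors].join('; ')}" unless result[:ok]

  "#{result[:project]}: #{result[:skipped_policies].size} #{result[:policy_type]} " \
    "policies not applied (limit #{result[:limit]}): #{result[:skipped_policies].join(', ')}"
end

if __FILE__ == $PROGRAM_NAME
  puts summary_line(check_policies_limit_event(SAMPLE_EVENT))
end
```

The point of the consistency checks is that the skipped policy names are the operationally important part of this event: they identify which enforcement the project is no longer getting. A destination that only matches on `event_type` would alert, but could not say which policies to trim or reorder; a destination that trusts the name lists without checking them against the counts could report the wrong ones if an upstream transform truncated the arrays.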
## MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Imam Hossain
