
Generate an audit event if policy.yml is invalidated

What does this MR do and why?

Collect an audit event when the security policy.yml in the security policy project has been invalidated.

References

#550892 (closed)

Screenshots or screen recordings


How to set up and validate locally

  1. Enable the feature flag from the command line:

     rails runner "Feature.enable(:collect_policy_yaml_invalidated_audit_event)"

  2. Switch to admin mode and set up audit event streaming.

  1. Create a project.
  2. Navigate to "Secure => Policies" and create a security policy with a merge request.
  3. Manually edit the policy.yml in the merge request and make it invalid.
  4. Merge the MR with the invalid policy.yml file.
  5. Verify an audit event of type policy_yaml_invalidated is recorded:
     • both in the streaming destination and in the security policy project.
Example Audit Event JSON

```json
{
  "id": 1518,
  "author_id": 1,
  "entity_id": 23,
  "entity_type": "Project",
  "details": {
    "security_policy_project_commit_sha": "9921659a8173428bba59167766cd54ab473eb663",
    "security_orchestration_policy_configuration_id": 36,
    "event_name": "policy_yaml_invalidated",
    "author_name": "Administrator",
    "author_class": "User",
    "target_id": 23,
    "target_type": "Project",
    "target_details": "Project Two - Security policy project - Security policy project",
    "custom_message": "The policy YAML has been invalidated in the security policy project. Security policies will no longer be enforced.",
    "ip_address": "172.16.123.1",
    "entity_path": "gitlab-org/project-two-security-policy-project-security-policy-project"
  },
  "ip_address": "172.16.123.1",
  "author_name": "Administrator",
  "entity_path": "gitlab-org/project-two-security-policy-project-security-policy-project",
  "target_details": "Project Two - Security policy project - Security policy project",
  "created_at": "2025-07-04T16:03:20.765Z",
  "target_type": "Project",
  "target_id": 23,
  "event_type": "policy_yaml_invalidated"
}
```
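As an added example (not part of this MR or of GitLab's code), a small consumer for the streaming destination that picks this event out of a newline-delimited audit stream and turns it into an alert record, since the event means the linked security policies are no longer enforced. The sample records are constructed from the JSON above; the second policy project, its configuration id and commit SHA are placeholders.

```ruby
require 'json'

# Added example, not GitLab's code: a consumer at the audit event streaming
# destination that picks out the `policy_yaml_invalidated` event. Because the
# event means the linked security policies are no longer enforced, it deserves
# an alert rather than just being stored.
POLICY_INVALIDATED = "policy_yaml_invalidated".freeze

# Constructed newline-delimited sample: the first record mirrors the example
# JSON in the MR, the second is an unrelated event, the third is malformed,
# and the fourth (placeholder values) carries the type only under details.event_name.
SAMPLE_STREAM = <<~NDJSON
  {"id":1518,"author_id":1,"entity_id":23,"entity_type":"Project","details":{"security_policy_project_commit_sha":"9921659a8173428bba59167766cd54ab473eb663","security_orchestration_policy_configuration_id":36,"event_name":"policy_yaml_invalidated","author_name":"Administrator","custom_message":"The policy YAML has been invalidated in the security policy project. Security policies will no longer be enforced.","entity_path":"gitlab-org/project-two-security-policy-project-security-policy-project"},"created_at":"2025-07-04T16:03:20.765Z","event_type":"policy_yaml_invalidated"}
  {"id":1519,"entity_type":"Project","details":{"event_name":"project_created"},"created_at":"2025-07-04T16:05:00.000Z","event_type":"project_created"}
  {"id":1520,"entity_type":"Project"
  {"id":1521,"entity_type":"Project","details":{"security_policy_project_commit_sha":"PLACEHOLDER_SHA","security_orchestration_policy_configuration_id":41,"event_name":"policy_yaml_invalidated","author_name":"dev-user","entity_path":"example-group/other-policy-project"},"created_at":"2025-07-04T16:10:00.000Z"}
NDJSON

def parse_event(line)
  JSON.parse(line)
rescue JSON::ParserError
  nil # malformed record: skipped here; a production consumer should count these
end

# The type appears at the top level as event_type and again as
# details.event_name; accept either so a partially flattened record still matches.
def event_name(event)
  event["event_type"] || event.dig("details", "event_name")
end

def policy_invalidation_alerts(ndjson)
  ndjson.each_line.filter_map do |line|
    next if line.strip.empty?
    event = parse_event(line)
    next unless event && event_name(event) == POLICY_INVALIDATED
    details = event.fetch("details", {})
    {
      created_at: event["created_at"],
      author: details["author_name"] || event["author_name"],
      policy_project: details["entity_path"] || event["entity_path"],
      configuration_id: details["security_orchestration_policy_configuration_id"],
      commit_sha: details["security_policy_project_commit_sha"],
      message: details["custom_message"]
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  policy_invalidation_alerts(SAMPLE_STREAM).each do |a|
    puts "#{a[:created_at]} #{a[:policy_project]} (config #{a[:configuration_id]}) by #{a[:author]} at #{a[:commit_sha]}"
  end
end
```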

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #550892 (closed)

Edited by Imam Hossain
