Add mutation to bypass security policies

What does this MR do and why?

As a part of BE: Extend policy bypass option to include user... (#549797 - closed), we want to allow users/groups to bypass the approvals and branch protection enforced through security policy. This can be done at 2 levels:

• Merge Request: An user/group can bypass the approvals by providing a reason from the MR UI. The reason will be persisted in approval_policy_merge_request_bypass_events introduced with !199151 (merged)
• Branch Push: An user can push to a branch with push protection (protected branch and branch protection from MR approval policy) through a git push options (something like --push-option security_policy.bypass_reason='reason')

This MR adds the logic to check the users/groups/roles before bypassing the branch protection and processes the bypass reason from push option.

• 1️⃣ Add security policy bypass push option (!200025 - merged)
• 2️⃣ Extend policy bypass checker with users, roles ... (!201001 - merged)
• 3️⃣ 👉 Add mutation to bypass security policies (!205601 - merged)

References

• Architecture Design Document
• BE: Extend policy bypass option to include user... (#549797 - closed)

Screenshots or screen recordings

Error states

Success state

Audit Event

How to set up and validate locally

• Enable security_policies_bypass_options_mr_widget and security_policies_bypass_options_group_roles feature flags
• Create a group and create a security policy with a user in bypass settings:

approval_policy:
- name: Policy Bypass - Users
  description: ''
  enabled: true
  policy_scope:
    projects:
      excluding: []
  rules:
  - type: any_merge_request
    branch_type: protected
    commits: any
  actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
    - maintainer
  - type: send_bot_message
    enabled: true
  approval_settings:
    block_branch_modification: true
    block_group_branch_modification: true
    prevent_pushing_and_force_pushing: true
    prevent_approval_by_author: true
    prevent_approval_by_commit_author: true
    remove_approvals_with_new_commit: true
    require_password_to_approve: false
  fallback_behavior:
    fail: closed
  bypass_settings:
    users:
    - id: 1

• Create a project in the group and create an MR
• Verify the MR requires approval
• Go go /-/graphql-explorer and call the mutation:

mutation {
  mergeRequestBypassSecurityPolicy(input:{
    projectPath:"bypass-settings-2/project-a",
    iid:"1",
    reason:"Hotfix",
    securityPolicyIds:["96"]
  }) {
    errors
  }
}

• Go to the security policy project -> Secure -> Audit Events and verify that the bypass is logged

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #549797 (closed)