Make `workflow:rules` work well with Merge Requests

What does this MR do?

Resolves #31685 (closed)

This improves workflow:rules behavior to allow workflow rules to control when pipeline is created.

For, example it allows to define a global workflow to create pipelines on a branch, and on a merge request in an easy way without the need to re-invent that multiple times for each job.

To make the below workflow easy, this MR adds a simple variable: CI_COMMIT_BRANCH.

Example

1. This example shows a rule that would only run the entire pipeline if the ref is a branch (i.e., not a tag and not an MR):

workflow:
  rules:
    - if: $CI_COMMIT_BRANCH

rspec:
  script: echo Hello World

2. This example would only run the pipeline if there is a tag applied:

workflow:
  rules:
    - if: $CI_COMMIT_TAG

rspec:
  script: echo Hello World

3. This example will run a pipeline if the branch is 'master', or if there is a tag applied, or if this pipeline is for a merge request. Note that multiple if entries are treated as OR:

workflow:
  rules:
    - if: $CI_COMMIT_BRANCH == 'master' 
    - if: $CI_COMMIT_TAG 
    - if: $CI_MERGE_REQUEST_IID  

rspec:
  script: echo Hello World

Previously

Previously, these rules would have to be applied over and over again on each job to achieve the desired result. Now, we can evaluate these at the workflow level and avoid this duplication.

This is also the advised way to configure usage of Merge Request pipelines.

workflow: keyword name

We chose the name workflow: for the keyword because, with child/parent pipelines and other potential future features, a single .gitlab-ci.yml can represent what will be instantiated as multiple pipelines. A pipeline: keyword in this scenario would be confusing, but a workflow represents this complete combination of potential jobs and pipelines that are represented by a single .gitlab-ci.yml.

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team