Add default scanners for security scan rule policies

What does this MR do and why?

This merge request adds a "recommended configuration" feature to security scan policy editors. When users create new security scan rules, the system now provides default scanner configurations for common security tools (SAST, secret detection, and dependency scanning) and displays a green "Recommended selection" badge when users stick with these defaults. If users modify the settings, the badge changes to a "Reset to recommended selection" button that allows them to quickly return to the suggested configuration. This helps guide users toward best practices while still allowing customization when needed. The feature is controlled by a feature flag and includes comprehensive test coverage to ensure it works correctly across different scanner types.
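The badge-or-button behaviour described above reduces to a small piece of state logic: compare the user's current scanner selection against the recommended defaults for the rule type, render the badge while they match, and offer a reset that restores the defaults. The following is an added illustration of that logic and is not code from this merge request or from GitLab; the rule type key `scan_finding`, the scanner identifiers `sast`, `secret_detection` and `dependency_scanning`, and the `featureFlagEnabled` parameter are assumptions made for the example.

```javascript
// Added example (not GitLab's code): state logic behind the "Recommended selection"
// badge and the "Reset to recommended selection" button.
// Rule type key and scanner identifiers are assumed for illustration.
const RECOMMENDED_SCANNERS = Object.freeze({
  scan_finding: Object.freeze(['sast', 'secret_detection', 'dependency_scanning']),
});

// Order- and duplicate-insensitive comparison of two scanner selections:
// ['sast', 'sast', 'dependency_scanning'] is treated as {sast, dependency_scanning}.
function isRecommendedSelection(selected, recommended) {
  const chosen = new Set(selected);
  const wanted = new Set(recommended);
  if (chosen.size !== wanted.size) return false;
  for (const scanner of chosen) {
    if (!wanted.has(scanner)) return false;
  }
  return true;
}

// Decide what the editor should render next to the scanner picker.
// Returns { kind: 'none' } when the feature is off or no defaults exist for the rule type,
// { kind: 'badge' } while the selection still matches the defaults,
// { kind: 'button' } once the user has changed it.
function recommendationState(rule, featureFlagEnabled) {
  const recommended = RECOMMENDED_SCANNERS[rule.type];
  if (!featureFlagEnabled || !recommended) return { kind: 'none' };
  return isRecommendedSelection(rule.scanners, recommended)
    ? { kind: 'badge', label: 'Recommended selection' }
    : { kind: 'button', label: 'Reset to recommended selection' };
}

// Return a new rule whose scanners are the recommended defaults; the input is not mutated,
// so the editor can keep an undo history of the user's previous selection.
function resetToRecommended(rule) {
  const recommended = RECOMMENDED_SCANNERS[rule.type];
  if (!recommended) return rule;
  return { ...rule, scanners: [...recommended] };
}

// Constructed sample: a rule the user has trimmed to a single scanner.
const editedRule = { type: 'scan_finding', scanners: ['sast'] };
console.log(recommendationState(editedRule, true).label); // "Reset to recommended selection"
console.log(recommendationState(resetToRecommended(editedRule), true).label); // "Recommended selection"
```

Comparing selections as sets rather than arrays keeps the badge stable when the UI reorders the picker, and gating on the flag first means a disabled feature renders nothing rather than a stale badge.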

References

Screenshots or screen recordings

Screenshots: New policy; Existing policy

How to set up and validate locally

  1. Enable the feature flag:

    Feature.enable(:security_policies_kev_filter)
  2. Go to Secure -> Policies

  3. New Approval Policy

  4. Select the security scan rule

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #583963 (closed)

Edited by Artur Fedorov
