Apply scan result policies to existing open MRs

What does this MR do and why?

Currently, scan approval policies only apply to newly created or updated merge requests.

This MR changes this and applies scan approval policies to all opened merge requests.

The policies are synced to a project's open merge requests in two places:

  • Periodically, by CreateOrchestrationPolicyWorker
  • After a merge request is merged, by MergeRequests::PostMergeService

How to set up and validate locally

  1. Create a new project

  2. Push a new branch and open a merge request.

  3. Navigate to Security & Compliance > Policies, click New Policy

  4. Create a new Scan result policy

  5. Merge the resulting Update scan policies MR on the security policy project

  6. Verify the policy was applied to the MR (Rails console):

    project = Project.last(2).first # the last project is the security policy project
    project.merge_requests.first.approval_rules.scan_finding
    # => [...]

  7. Create another policy and verify it was applied:

    project.merge_requests.first.approval_rules.scan_finding.count # => 2

  8. Edit and delete policies and verify the MR approval rule attributes change accordingly

New queries

postgres.ai

-- /ee/app/workers/concerns/update_orchestration_policy_configuration.rb:23
DELETE FROM 
  "approval_merge_request_rules" 
WHERE 
  "approval_merge_request_rules"."id" IN(
    SELECT 
      "approval_merge_request_rules"."id" 
    FROM 
      "approval_merge_request_rules" 
      INNER JOIN "merge_requests" ON "approval_merge_request_rules"."merge_request_id" = "merge_requests"."id" 
    WHERE 
      "merge_requests"."target_project_id" = 35549088 
      AND "approval_merge_request_rules"."report_type" = 4
  )
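The sync described above, as an added plain-Ruby model (not GitLab's own code): the DELETE query drops only scan_finding rules (report_type = 4, the value visible in the query) on every MR targeting the project, and policies are then re-applied one rule per policy to the MRs that are still open. The Struct models, OTHER_RULE, the state handling and the sample data are assumptions for illustration.

```ruby
# Added example (not GitLab's code): a plain-Ruby model of re-syncing scan result
# policies onto a project's merge requests. report_type 4 is the scan_finding
# value visible in the MR's DELETE query; everything else here is a simplification.
SCAN_FINDING = 4  # approval_merge_request_rules.report_type used by the page's query
OTHER_RULE   = 1  # hypothetical value for a non-policy rule that must survive a sync

MergeRequest = Struct.new(:id, :target_project_id, :state, :approval_rules)
ApprovalRule = Struct.new(:report_type, :name)

# Mirror the DELETE: drop scan_finding rules on every MR targeting the project,
# regardless of MR state, and leave rules of any other report_type untouched.
def delete_scan_finding_rules(merge_requests, project_id)
  merge_requests.each do |mr|
    next unless mr.target_project_id == project_id
    mr.approval_rules.reject! { |rule| rule.report_type == SCAN_FINDING }
  end
end

# Recreate one scan_finding rule per active policy, but only on open MRs
# (assumption): a merged or closed MR gets no new rules.
def apply_policies(merge_requests, project_id, policies)
  merge_requests.each do |mr|
    next unless mr.target_project_id == project_id && mr.state == :opened
    policies.each { |policy| mr.approval_rules << ApprovalRule.new(SCAN_FINDING, policy) }
  end
end

# Full sync as the worker would run it: delete, then re-apply. Running it twice
# must give the same result, which is what step 7's count of 2 relies on.
def sync_scan_result_policies(merge_requests, project_id, policies)
  delete_scan_finding_rules(merge_requests, project_id)
  apply_policies(merge_requests, project_id, policies)
  merge_requests
end

def scan_finding_count(mr)
  mr.approval_rules.count { |rule| rule.report_type == SCAN_FINDING }
end

# Constructed sample data: one open and one merged MR on project 1, plus an MR
# on another project that the sync must not touch.
def sample_merge_requests
  [
    MergeRequest.new(10, 1, :opened, [ApprovalRule.new(OTHER_RULE, 'manual reviewers')]),
    MergeRequest.new(11, 1, :merged, [ApprovalRule.new(SCAN_FINDING, 'stale policy')]),
    MergeRequest.new(12, 2, :opened, [ApprovalRule.new(SCAN_FINDING, 'other project')])
  ]
end
```

Because the delete is scoped by report_type, a manually configured approval rule on the same MR is never removed by the sync, and a second run with the same policies leaves the rule count unchanged.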

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #364841 (closed)

Edited by Dominic Bauer