Tracks which project-level rule an MR-level rule was derived from. - Adds "Reset to project defaults" functionality - Showing users when they've customised a rule - Security policy synchronization (`reset_required_approvals` method) Requirements (validate these during implementation and adjust as needed): - Add to `MergeRequests::ApprovalRule` model: * Add `belongs_to :source_rule` association (self-referential, optional) - `class_name: 'MergeRequests::ApprovalRule'` - `optional: true` * Implement `overridden?` method - Returns `true` if `source_rule.present?` * Update `hook_attrs` method to include: - `modified_from_project_rule: overridden?` Reference: [v2 Approval Rules POC](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/222865)