Dogfood blocking merge requests by Security and License Compliance

GitLab offers a feature to enforce security policy in merge requests: https://docs.gitlab.com/ee/user/application_security/index.html#security-approvals-in-merge-requests-ultimate

Let's enable this feature in our pipeline and:

  • Require additional approval from the security team if SAST/DAST reports a finding of High severity.
  • Enable the option to block an MR that would introduce a new dependency under a blacklisted license.
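To make the two rules concrete, here is a small Ruby script (added for illustration; it is not GitLab's implementation of the approval rules) that evaluates constructed SAST and license scanning reports the way the rules above would: a High/Critical SAST finding flags the MR for security-team approval, and a dependency that is present in the MR's report but not in the target branch's report, and that carries a blacklisted license, blocks it. The report field names (`vulnerabilities[].severity`, `dependencies[].licenses`) follow the GitLab report formats as assumed here, the severity threshold and the blacklist are assumptions, and all report contents are made up.

```ruby
require 'json'

# Constructed sample of a SAST report (gl-sast-report.json style); only the
# "vulnerabilities" array with its "severity" field matters to the rule.
SAST_REPORT = <<~JSON
  {
    "version": "2.0",
    "vulnerabilities": [
      {"id": "1", "category": "sast", "name": "Hardcoded credential", "severity": "High",
       "location": {"file": "app/config.rb", "start_line": 12}},
      {"id": "2", "category": "sast", "name": "Insecure random", "severity": "Low",
       "location": {"file": "app/token.rb", "start_line": 4}}
    ]
  }
JSON

# Constructed license scanning report for the target branch (before the MR).
BASE_LICENSE_REPORT = <<~JSON
  {
    "version": "2.0",
    "dependencies": [
      {"name": "rails", "version": "6.0.0", "package_manager": "bundler", "licenses": ["MIT"]}
    ]
  }
JSON

# Constructed license scanning report for the MR branch: it adds one gem.
HEAD_LICENSE_REPORT = <<~JSON
  {
    "version": "2.0",
    "dependencies": [
      {"name": "rails", "version": "6.0.0", "package_manager": "bundler", "licenses": ["MIT"]},
      {"name": "some-agpl-gem", "version": "1.2.3", "package_manager": "bundler", "licenses": ["AGPL-3.0"]}
    ]
  }
JSON

# Severities that pull the security team into the review (assumed threshold).
APPROVAL_SEVERITIES = %w[Critical High].freeze
# Blacklisted licenses for new dependencies (assumed list for this example).
DENIED_LICENSES = %w[AGPL-3.0 GPL-3.0].freeze

# Findings whose severity is at or above the approval threshold.
def findings_requiring_approval(sast_json, severities = APPROVAL_SEVERITIES)
  JSON.parse(sast_json).fetch('vulnerabilities', [])
      .select { |v| severities.include?(v['severity']) }
end

# Dependencies (name + version) present in the MR report but not in the base report.
def new_dependencies(base_json, head_json)
  known = JSON.parse(base_json).fetch('dependencies', []).map { |d| [d['name'], d['version']] }
  JSON.parse(head_json).fetch('dependencies', [])
      .reject { |d| known.include?([d['name'], d['version']]) }
end

# New dependencies that carry at least one blacklisted license.
def denied_new_dependencies(base_json, head_json, denied = DENIED_LICENSES)
  new_dependencies(base_json, head_json)
    .select { |d| (d.fetch('licenses', []) & denied).any? }
end

# Policy decision for one merge request.
def evaluate_mr(sast_json, base_license_json, head_license_json)
  findings = findings_requiring_approval(sast_json)
  denied = denied_new_dependencies(base_license_json, head_license_json)
  {
    requires_security_approval: !findings.empty?,
    blocked_by_license: !denied.empty?,
    findings: findings.map { |v| "#{v['severity']}: #{v['name']} (#{v.dig('location', 'file')})" },
    denied_dependencies: denied.map { |d| "#{d['name']} #{d['version']} (#{d['licenses'].join(', ')})" }
  }
end

puts JSON.pretty_generate(evaluate_mr(SAST_REPORT, BASE_LICENSE_REPORT, HEAD_LICENSE_REPORT))
```

Diffing against the target branch's report is what makes the license rule apply to *new* dependencies only; an AGPL gem that was already on the target branch is a separate clean-up task and should not block unrelated MRs.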

Implementation consideration: we may need to decide where it makes sense to enable this and possibly roll it out project by project.

Edited by Chun Du