Bot comment nudge when merge requests require approval
### Problem Statement As a security approver, there is no notification or standard process for notifying me that an approval is required, which can cause confusion or delays. As a merge request author, it's not transparent when security policies complete evaluation of my MR and what that means for me, which can cause confusion or delays. ### Release Post When violations are detected by a security policy, a comment will notify users on the MR that their MR has been evaluated by a security policy and that approval is required to merge. ### User Experience 1. Generate a bot comment after an MR is evaluated by a scan result policy and determined that an approval is required. 2. Notify developer that approval is required, why approval is required, and instruct the developer to assign a reviewer based on the approvers set by the policy (review in the approval widget who is eligible and assign them). | Bot comment in MR | MR Author reviews MR Widget for eligible security policy approvals | Author assigns reviewers | Reviewers can track open approvals via `Merge requests` | | ------ | ------ | ------- | -------- | | ![image](/uploads/5f177bb6731d2faaec527f871ced3338/image.png) | ![image](/uploads/21bda92e59bad9930b89781e2c726b95/image.png) | ![image](/uploads/14e0a2a4125bd56b66891a6d0cb0d6bf/image.png) | ![image](/uploads/ae06ea7263bf778b03eee3f00d78d130/image.png) |
epic