Bot comment nudge when merge requests require approval
### Problem Statement
As a security approver, there is no notification or standard process for notifying me that an approval is required, which can cause confusion or delays.
As a merge request author, it's not transparent when security policies complete evaluation of my MR and what that means for me, which can cause confusion or delays.
### Release Post
When violations are detected by a security policy, a comment will notify users on the MR that their MR has been evaluated by a security policy and that approval is required to merge.
### User Experience
1. Generate a bot comment after an MR is evaluated by a scan result policy and determined that an approval is required.
2. Notify developer that approval is required, why approval is required, and instruct the developer to assign a reviewer based on the approvers set by the policy (review in the approval widget who is eligible and assign them).
| Bot comment in MR | MR Author reviews MR Widget for eligible security policy approvals | Author assigns reviewers | Reviewers can track open approvals via `Merge requests` |
| ------ | ------ | ------- | -------- |
|  |  |  |  |
epic