Add groups to security policy scope (Iteration 1)
# Overview
First in a number of iterations for improving the navigation and ease of use around policy management. See https://gitlab.com/groups/gitlab-org/-/epics/5446.
# Release notes
You can now scope enforcement of your security policies against groups/subgroups. This scope adds to the existing options to scope to all projects in a group/subgroup, to projects based on a defined project list, and projects matching a list of compliance framework labels.
This gives you further flexibility in enabling policies across your groups, while also being able to apply exceptions to scope projects out of enforcement where necessary.
This improvement also precedes a number of enhancements in https://gitlab.com/groups/gitlab-org/-/epics/5446 that will simply the process of linking security policy projects and granularly scoping enforcement of policies.
# Problem to solve
The compliancy team in large organisations can find using multiple policy projects (per namespace/group/project) a daunting task and would prefer having a more granular control in a centralised repository: 1 to rule them all
# Proposal
Extend the [Security Policy Scope](https://docs.gitlab.com/ee/user/application_security/policies/scan-execution-policies.html#security-policy-scopes) to allow the use of groups/group ids. Currently we only support compliance frameworks and projects, but for large organisation this is too granular
* Allow adding a group to the scope to include for enforcement
* Allow adding groups to the exception/exclusion list -- e.g. enforce against all projects _except_ for projects in group A and Group B.
### Intended users
* [Cameron (Compliance Manager)](https://handbook.gitlab.com/handbook/product/personas/#cameron-compliance-manager)
### Feature Usage Metrics
### Does this feature require an audit event?
epic