Apply compliance controls to projects
### Problem to Solve
Organizations operate within a specific industry or multiple industries. Those industries are regulated by legal and regulatory frameworks. GitLab customers (organizations) have created policies and procedures to comply with these compliance frameworks. In order to support our customers, GitLab must provided easy, intuitive ways for them to apply specific compliance controls to projects to ensure those projects adhere to the defined policies of the organization.
I've rearranged this discovery to break the feature down into smaller pieces. Please see the [discovery issue](https://gitlab.com/gitlab-org/gitlab/issues/198665) for context on this epic.
### Use Cases
* I want to configure merge request approvals and know that this setting cannot be changed by individuals without the proper authority to do so. :point_right_tone1: https://gitlab.com/gitlab-org/gitlab/issues/118671
* I want all merge requests to pass certain "compliance checks" before they can be approved. :point_right_tone1: https://gitlab.com/gitlab-org/gitlab/issues/34830
* I need to know when Low and Medium vulnerabilities are accepted and see an issue detailing the risk assessment and acceptance criteria.
* I need all actions and activity to generate evidence artifacts, especially for merge requests that deploy code to production.
### TODOs
- [ ] Complete [UXR](https://gitlab.com/groups/gitlab-org/-/epics/2498) to validate this direction
- [x] Review the [MVC issue description](https://gitlab.com/gitlab-org/gitlab/issues/118671) and update as needed
- [ ] Complete design for the [initial MVC](https://gitlab.com/gitlab-org/gitlab/issues/118671)
- [ ] Validate the design with interested customers
- [ ] Make final adjustments to implementation/MVC issue
- [ ] Reassure myself everything will be fine :fire:
- [ ] Schedule the MVC for `%milestone` (currently %"13.0")
- [ ] :beer: :beer: :sleeping: :beer:
epic