Allow admins to scope admin-level MR approval settings to compliance-labeled projects
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->
*This page may contain information related to upcoming products, features and functionality.
It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes.
Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.*
<!-- triage-serverless v3 PLEASE DO NOT REMOVE THIS SECTION -->
<!-- The first three sections: "Problem to solve", "Intended users" and "Proposal", are strongly recommended, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
### Problem to solve
<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
With the iterative implementation of https://gitlab.com/gitlab-org/gitlab/issues/39060 we did not provide a suitable way to control the scope of these settings. When enabling these settings, they are inherited by all projects in an instance. Organizations with regulated projects tend to also have projects that are not regulated and therefore should not inherit these strict controls.
**Problem:** As an `administrator`, I want to be able to selectively apply these controls only to regulated projects, so that I can retain flexibility for my teams in unregulated projects while still meeting my compliance requirements.
### Intended users
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)
* The management stakeholders who adhere to any auditing process. To be defined in a new [Compliance Persona](https://gitlab.com/gitlab-org/ux-research/issues/546)
### Further details
<!-- Include use cases, benefits, goals, or any other details that will help us understand the problem better. -->
After implementing https://gitlab.com/gitlab-org/gitlab/issues/39060, we're now focused on narrowing the scope of these settings (currently applies to all projects in an instance) to allow for more granular control. Not all projects in a GitLab instance are regulated for all users. In many cases, only a subset of projects need stringent controls in place for MR approvals.
Before we can implement this feature, we'll need to ship https://gitlab.com/gitlab-org/gitlab/issues/118671 so we have a signal with which to refine the scope of these settings.
### Proposal
<!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey -->
Add an optional selection criteria to https://gitlab.com/gitlab-org/gitlab/issues/39060 to allow `admins` to specify what compliance projects to inherit the settings to. For example:
* **Enable approvals by the author**
* 🚥 Allow a merge request author to approve their own merge requests.
* **Enable approval by committers**
* 🚥 Allow a merge request committer to approve the merge request they've committed.
* **Enable approvers list modification**
* 🚥 Allow owners and maintainers to modify the approver list for merge requests and override approvals at the individual merge request level.
**These settings will apply to all projects unless you limit the scope to specific project compliance labels:**
- [X] SOX
- [X] PCI-DSS
- [ ] HIPAA
### Prototype and Mockups
[**Figma prototype**](https://www.figma.com/file/CnUPDuQIWz8z2F4DVrjcfj/213601-Allow-admins-to-scope-MR-approval-settings?node-id=4%3A368)

### Permissions and Security
<!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)?-->
Only `administrators` can access and modify this setting
### Documentation
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html
* Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
* If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html -->
### Availability & Testing
<!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier.
What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing?
Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance.
* Unit test changes
* Integration test changes
* End-to-end test change
See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning -->
### What does success look like, and how can we measure that?
<!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. -->
### What is the type of buyer?
<!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/
In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers -->
### Is this a cross-stage feature?
<!-- Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features -->
### Links / references
epic