Secret Detection False Positive Detection - Add permission AppSec Team to enable FP
## TL;DR
Extend the Security Manager permission model to allow Security Managers to toggle Secret Detection False Positive Detection settings at the project level, without requiring Maintainer/Owner roles.
We want to replicate the same pattern established for SAST VR (https://gitlab.com/groups/gitlab-org/-/work_items/21971 and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/239266) and SAST FP Detection (https://gitlab.com/groups/gitlab-org/-/work_items/22422).
## Scope
### In Scope
* Extend `update_sec_ai_workflow_settings` permission to cover `duo_secret_detection_fp_enabled` setting
### Out of Scope
* Group/subgroup/organization/instance level configuration (covered by [&21766](https://gitlab.com/groups/gitlab-org/-/work_items/21766))
* Custom roles support for the permission
* Changes to the Vulnerability Details page FP detection action button
* New permissions or roles beyond what was established for SAST VR
* Redesigning the GitLab role model
## Phase
This is Iteration 3 of the parent epic, following the SAST FP Detection permission work in Iteration 2.
**Epic Phase:** Phase 3
**Parent Epic:** https://gitlab.com/groups/gitlab-org/-/work_items/21725
## Problem Statement
Security Managers can now toggle SAST Vulnerability Resolution settings (per [&21971](https://gitlab.com/groups/gitlab-org/-/work_items/21971)) and SAST False Positive Detection (per [&22422](https://gitlab.com/groups/gitlab-org/-/work_items/22422)), but they still cannot enable/disable Secret Detection False Positive Detection without Maintainer/Owner access. With this epic we are creating the permission for them to do this.
## Proposed Approach
Replicate the exact pattern established in [gitlab!239266](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/239266) and the SAST FP Detection work.
## Feature Flag
- [X] Required
**Flag name:** `update_secret_detection_fp_setting_permission`
**Default state:** Disabled
**Rollout plan:** Gradual rollout following the same pattern as SAST FP Detection.
## Success Criteria
- [ ] Security Manager can update `duo_secret_detection_fp_enabled` via REST `PUT /projects/:id` without Maintainer/Owner
- [ ] Security Manager can update `duo_secret_detection_fp_enabled` via GraphQL `projectSettingsUpdate` mutation without Maintainer/Owner
- [ ] Users without the permission receive 403/404 error
- [ ] Audit event is recorded on setting change
## Dependencies
- Reference: [&22422](https://gitlab.com/groups/gitlab-org/-/work_items/22422) (SAST FP Detection pattern)
## Resources
- Reference MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/239266
- Parent epic: https://gitlab.com/groups/gitlab-org/-/work_items/21725
epic