Add "Manage Compliance Framework" as a customizable permission

Release notes

Managing compliance framework settings currently requires the default Owner role, which can leave a user over-privileged. With this permission, you can create a custom role that grants exactly this capability and assign it to the user.

Background

Today, a user must be a project Owner to assign a compliance framework label, and only group Owners can create and manage compliance frameworks.

As a result, teams escalate a security or compliance manager to the Owner role, leaving that user over-privileged.

Proposal and User Experience

  1. When creating a role, any base role can be selected, and a new permission labeled "Manage Compliance Frameworks" is available for selection.
  2. This permission (admin_compliance_framework) grants the ability to:
    1. Create, Read, Update, and Delete the compliance framework at the group level
    2. Set the default framework label at the group level.
    3. Assign the compliance framework at the project level.
    4. Assign the compliance framework on a project on the Compliance Center.

API for reference

Views include:

  • Base + permission: Can see Group Settings -> General -> "Compliance frameworks" section -> Manage Framework
  • Base + permission: Can see Project Settings -> General -> "Compliance framework" section -> Assign Project
  • Base + permission: Can see Compliance Center -> Projects -> Edit Compliance Framework Label on Project

Evidence

Documentation

  • Permission Title: Manage Compliance Frameworks
  • Permission Description: Create, view, edit, and delete compliance frameworks. Also assign a compliance framework label to a project and set the default framework on a group.

Implementation Plan

  1. The following abilities are in question for implementing this feature: manage_compliance_framework, admin_compliance_framework, read_compliance_framework, admin_compliance_pipeline_configuration, manage_group_level_compliance_pipeline_config.
  2. We should probably merge the manage_compliance_framework policy into admin_compliance_framework, as both are technically the same and require the user to be a group Owner.
  3. Follow the steps in this doc for adding a new ability, and use the MRs shared for reference in the doc.
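The following Ruby sketch is an added illustration, not GitLab's own policy code, of the model described in the Proposal (a custom role is a base role plus selected permissions) and of the Implementation Plan's point that manage_compliance_framework can be treated as an alias of admin_compliance_framework. Every class, constant and method name here is hypothetical; the six compliance framework abilities are the ones the proposal lists, and the two Owner-only abilities stand in for everything an Owner can do that a compliance manager does not need.

```ruby
# Added illustration (not GitLab's code): a minimal "base role + custom permission"
# model showing why the Manage Compliance Frameworks permission removes the need
# to promote a compliance manager to group Owner. All names are hypothetical.

ACCESS_LEVELS = { guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50 }.freeze

# Abilities granted by admin_compliance_framework, taken from the proposal's list.
COMPLIANCE_FRAMEWORK_ABILITIES = %i[
  create_compliance_framework
  read_compliance_framework
  update_compliance_framework
  delete_compliance_framework
  set_default_compliance_framework
  assign_compliance_framework
].freeze

# Stand-ins for abilities that stay Owner-only whatever custom permissions a role has.
OWNER_ONLY_ABILITIES = %i[remove_group transfer_group].freeze

# Proposed merge: the old policy name resolves to the new permission.
PERMISSION_ALIASES = { manage_compliance_framework: :admin_compliance_framework }.freeze

CustomRole = Struct.new(:name, :base_access_level, :permissions) do
  # True if the role carries the permission, under either of its names.
  def permission?(name)
    permissions.include?(PERMISSION_ALIASES.fetch(name, name))
  end
end

def owner?(role)
  role.base_access_level >= ACCESS_LEVELS[:owner]
end

# Central policy check: Owners keep everything; every other base level gains
# only the abilities its custom permissions explicitly grant.
def allowed?(role, ability)
  return true if owner?(role)
  return false if OWNER_ONLY_ABILITIES.include?(ability)

  if COMPLIANCE_FRAMEWORK_ABILITIES.include?(ability)
    return role.permission?(:admin_compliance_framework)
  end

  false
end

# Abilities the role holds beyond the set its task actually needs: the
# over-privilege the issue describes, made measurable.
def excess_abilities(role, needed)
  all = COMPLIANCE_FRAMEWORK_ABILITIES + OWNER_ONLY_ABILITIES
  all.select { |ability| allowed?(role, ability) } - needed
end

if __FILE__ == $PROGRAM_NAME
  owner = CustomRole.new("Owner", ACCESS_LEVELS[:owner], [])
  compliance = CustomRole.new("Compliance Manager", ACCESS_LEVELS[:developer],
                              [:admin_compliance_framework])
  puts "Owner excess: #{excess_abilities(owner, COMPLIANCE_FRAMEWORK_ABILITIES).inspect}"
  puts "Compliance Manager excess: #{excess_abilities(compliance, COMPLIANCE_FRAMEWORK_ABILITIES).inspect}"
end
```

Run the file directly to see the comparison: the Owner route to managing frameworks carries the Owner-only abilities as excess, while a Developer-based custom role with admin_compliance_framework has none, which is the least-privilege outcome the permission is meant to deliver.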
Edited by Joe Randazzo