FE: Prevent changes in group-level protected branches when policy settings are enabled
Why are we doing this work
Similar to #418745 (closed), we would like to secure group-level Protected Branches from modification or removal when the Scan Result Policy is enabled with the block_unprotecting_branches setting enabled for a matching branch.
Because we cannot use the same branch matching flow for groups as we use for projects with block_unprotecting_branches, we are adding a new setting, block_group_branch_modification, that allows for a different exception flow.
Relevant links
Non-functional requirements
- Documentation:
- Feature flag: this feature should be released behind a feature flag
- Performance:
- Testing:
Implementation plan
- frontend Add a new checkbox (only for group policies) under Protected branch settings for "Prevent group branch modification" with exceptions dropdown (see designs)
- frontend Update YAML value accordingly:
  - When selected, set block_group_branch_modification: true
  - When unselected, set block_group_branch_modification: false
  - When exceptions are selected, set:

        block_group_branch_modification:
          enabled: true
          exceptions: [acme-corp/development]

  - try to use branch_exception_selector if it makes sense
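One way to map the checkbox and exceptions dropdown to the three YAML shapes listed in the implementation plan, and back again when an existing policy is loaded. This is an added example, not GitLab's code: the function names `toYamlValue` and `fromYamlValue` are hypothetical, and treating a missing key as unselected, treating `enabled: false` as unselected, and rejecting unrecognised shapes are assumptions of this sketch.

```javascript
// Added example; toYamlValue / fromYamlValue are hypothetical helper names.

// UI state -> value to store under block_group_branch_modification.
function toYamlValue({ checked, exceptions = [] }) {
  if (!checked) return false;
  // Drop blank and duplicate entries so the exception list stays minimal.
  const cleaned = [
    ...new Set(exceptions.map((e) => String(e).trim()).filter(Boolean)),
  ];
  // No exceptions: keep the short boolean form from the plan.
  return cleaned.length === 0 ? true : { enabled: true, exceptions: cleaned };
}

// Parsed YAML value -> UI state.
// Assumption: an absent key means the checkbox is unselected.
function fromYamlValue(value) {
  if (value === undefined || value === false) {
    return { checked: false, exceptions: [] };
  }
  if (value === true) return { checked: true, exceptions: [] };

  const isPlainObject =
    value !== null && typeof value === 'object' && !Array.isArray(value);
  if (isPlainObject && typeof value.enabled === 'boolean') {
    const exceptions = value.exceptions === undefined ? [] : value.exceptions;
    const valid =
      Array.isArray(exceptions) && exceptions.every((e) => typeof e === 'string');
    if (!valid) throw new TypeError('exceptions must be a list of strings');
    // Assumption: enabled: false is shown as unselected, exceptions ignored.
    return { checked: value.enabled, exceptions: value.enabled ? exceptions : [] };
  }

  // Refuse to guess: a malformed value must not be displayed as "off"
  // and then silently overwritten with false on the next save.
  throw new TypeError('unrecognised block_group_branch_modification value');
}

// Constructed sample, using the exception value from the plan.
const sample = toYamlValue({ checked: true, exceptions: ['acme-corp/development'] });
console.log(JSON.stringify(sample), JSON.stringify(fromYamlValue(sample)));
```

Throwing on an unrecognised shape lets the editor surface a hand-edited or malformed policy instead of rendering the protection as disabled.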
Verification steps
Edited by Alexander Turinske