Upgrading role of member will remove them from approval rules
Summary
When an existing member is an approver of an approval rule and their role is upgraded (e.g. Maintainer to Owner), they are removed as an approver of that rule.
Steps to reproduce
- Add member as Maintainer of project.
- Add member as approver of an approval rule.
- Create an MR.
- Update role of member (via API or web UI).
- Refresh the MR and see that the member has been removed from the approval rule. This can also be seen in the project settings, as the user is also removed from the project-level rule.
What is the current bug behavior?
The member is removed as an approver of the approval rule.
What is the expected correct behavior?
The member must not be removed as an approver of the approval rule.
Possible fixes
Update ProjectAuthorizations::Changes#publish_removed_event to not publish ProjectAuthorizations::AuthorizationsRemovedEvent when a user from removed_user_ids is also being added in authorizations_to_add.
Or:
Filter the user_ids_to_remove in https://gitlab.com/gitlab-org/gitlab/-/blob/e15624c31690f1092d534e58a3e7a3c1c310e9b3/app/services/authorized_project_update/project_recalculate_service.rb#L69 to not include users that are also present in authorizations_to_create. Confirm that this will not cause an issue, as this means we're not deleting the old project authorization record.
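The first proposed fix, sketched as an added example (a simplified model written for this page, not GitLab's code): a role change shows up as a remove plus an add for the same user, so the removed event must skip users who are also being re-added. All method names, the access-level constants and the sample users are assumptions, as is the subscriber that drops approvers on a removed event.

```ruby
require 'set'

# Constructed sample access levels (assumed values for the model).
MAINTAINER = 40
OWNER = 50

# Diff current vs desired authorizations the way a delete-then-insert
# recalculation would: a changed access level lands in BOTH lists.
def authorization_changes(current, desired)
  to_remove = current.reject { |uid, level| desired[uid] == level }.keys
  to_add = desired.reject { |uid, level| current[uid] == level }
  [to_remove, to_add]
end

# User ids a "removed" event is published for.
# filter: false reproduces the reported behaviour,
# filter: true skips users who are re-added with a new role.
def removed_event_user_ids(to_remove, to_add, filter:)
  filter ? to_remove - to_add.keys : to_remove
end

# Hypothetical subscriber: drops approvers named in the removed event.
def approvers_after_event(approvers, removed_ids)
  approvers - removed_ids.to_set
end

# Constructed scenario: user 1 is upgraded Maintainer -> Owner,
# user 2 is unchanged, user 3 genuinely loses access.
def simulate(filter:)
  current = { 1 => MAINTAINER, 2 => MAINTAINER, 3 => MAINTAINER }
  desired = { 1 => OWNER, 2 => MAINTAINER }
  approvers = Set[1, 2, 3]

  to_remove, to_add = authorization_changes(current, desired)
  removed = removed_event_user_ids(to_remove, to_add, filter: filter)
  approvers_after_event(approvers, removed).to_a.sort
end
```

A regression test for the real fix would assert the same two properties: the upgraded member stays on the rule, and a member who actually loses access is still removed.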