
Sync scan result policies when project is assigned to a group

What does this MR do and why?

Addresses #384064 (closed)

This MR fixes a bug where, when a project is created within a group, the approval rules from scan result policies are not applied to the new project, so merge requests created in that project do not get the MR approval rules. The fix is to call Security::ProcessScanResultPolicyWorker to sync the approval rules for the project.

This MR also handles project transfer from one namespace to another: the security policy project linked to the project is unassigned and the approval rules from scan result policies are deleted. This is done because the approvers configured in the scan result policy may not have access to the project's new namespace. More context in #384064 (comment 1209255966).
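An added illustration of the two behaviours described above, written for this page as a plain-Ruby model (hypothetical `Namespace`/`Project`/`ApprovalRule` classes, not GitLab's own code): creating a project in a group syncs the group's scan-result-policy rules, while transferring the project out unlinks the policy project and drops only the policy-derived rules. The `sync_on_create: false` path reproduces the pre-fix behaviour in which a new project ends up with no policy rules.

```ruby
# Model of the scan-result-policy sync described in the MR (hypothetical classes).
Policy = Struct.new(:name, :approvers, :approvals_required)
ApprovalRule = Struct.new(:name, :approvers, :approvals_required, :from_policy)

class Namespace
  attr_reader :name, :policies
  def initialize(name, policies: [])
    @name = name
    @policies = policies
  end
end

class Project
  attr_reader :namespace, :approval_rules, :security_policy_project

  # sync_on_create: false models the bug (rules never synced for a new project);
  # true models the fix, where the worker is invoked on creation.
  def initialize(namespace, sync_on_create: true)
    @namespace = namespace
    @approval_rules = []
    @security_policy_project = nil
    sync_scan_result_policies if sync_on_create
  end

  # Stand-in for Security::ProcessScanResultPolicyWorker: rebuild the
  # policy-derived rules from the current namespace's policies.
  def sync_scan_result_policies
    @approval_rules.reject!(&:from_policy)
    return if namespace.policies.empty?
    @security_policy_project = "#{namespace.name}/security-policies" # constructed link
    namespace.policies.each do |p|
      @approval_rules << ApprovalRule.new(p.name, p.approvers, p.approvals_required, true)
    end
  end

  def add_manual_rule(name, approvers, required)
    @approval_rules << ApprovalRule.new(name, approvers, required, false)
  end

  # Transfer: policy approvers may lack access in the new namespace, so unlink
  # the policy project and delete policy-derived rules; manual rules are kept.
  def transfer_to(new_namespace)
    @namespace = new_namespace
    @security_policy_project = nil
    @approval_rules.reject!(&:from_policy)
  end

  # Names of the approval rules a new MR in this project would receive.
  def rules_for_new_mr
    approval_rules.map(&:name)
  end
end
```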

How to set up and validate locally

  1. Create a new group
  2. Create a Scan Result Policy in this group (Security & Compliance -> Policies -> Create new policy)
  3. Create a new project in this group and configure its .gitlab-ci.yml file to include a security job (for example Jobs/Container-Scanning.gitlab-ci.yml with the DOCKER_FILE variable set to nginx:1.18.0)
  4. Create a new MR in the project that modifies the .gitlab-ci.yml file (change the value of DOCKER_FILE to nginx:1.19.0) and verify that the approval rules are applied to this MR.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
