Add approval policy rules and projects link table

What does this MR do and why?

As a part of Use database read model for merge request appr... (&9971) we are moving the policies to the database table security_policies. The rules from the policy is persisted into approval_policy_rules. The approval_policy_rules are mapped to ApprovalProjectRule & ApprovalMergeRequestRule to enforce approvals. To get the approval_policy_rules for a given project, it is not straightforward to query as a policy can be mapped to a group too.

This MR adds a new table approval_policy_rule_project_links to store the link between a project and its approval_policy_rules for efficient lookup.

erDiagram
    security_policies ||--o{ approval_policy_rules : " "
    approval_policy_rules ||--|| approval_project_rules : " "
    approval_policy_rules ||--o{ approval_merge_request_rules : " "
    approval_policy_rules ||--o{ approval_policy_rule_project_links : " "
    approval_policy_rule_project_links ||--o{ projects : " "
    approval_project_rules ||--o{ projects : " "

    security_policies {
        int security_orchestration_policy_configuration_id
    }
    approval_policy_rules {
        int security_policy_id
    }
    approval_project_rules {
        int project_id
        int approval_policy_rule_id
    }
    approval_merge_request_rules {
        int merge_request_id
        int approval_policy_rule_id
    }
    approval_policy_rule_project_links {
        int project_id
        int approval_policy_rule_id
    }
    projects {
        int id
    }

Migration Output

main: == [advisory_lock_connection] object_id: 132640, pg_backend_pid: 88947
main: == 20240705083121 CreateApprovalPolicyRuleProjectLinks: migrating =============
main: -- create_table(:approval_policy_rule_project_links)
main:    -> 0.0301s
main: == 20240705083121 CreateApprovalPolicyRuleProjectLinks: migrated (0.1223s) ====
main: == [advisory_lock_connection] object_id: 132640, pg_backend_pid: 88947


main: == [advisory_lock_connection] object_id: 133080, pg_backend_pid: 88952
main: == 20240705083319 AddProjectIdFkToApprovalPolicyRuleProjectLinks: migrating ===
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE approval_policy_rule_project_links ADD CONSTRAINT fk_9ed5cf0600 FOREIGN KEY (project_id) REFERENCES projects (id) ON DELETE CASCADE NOT VALID;")
main:    -> 0.0065s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0013s
main: -- execute("ALTER TABLE approval_policy_rule_project_links VALIDATE CONSTRAINT fk_9ed5cf0600;")
main:    -> 0.0101s
main: -- execute("RESET statement_timeout")
main:    -> 0.0013s
main: == 20240705083319 AddProjectIdFkToApprovalPolicyRuleProjectLinks: migrated (0.0687s) 
main: == [advisory_lock_connection] object_id: 133080, pg_backend_pid: 88952


main: == [advisory_lock_connection] object_id: 143180, pg_backend_pid: 88958
main: == 20240705083349 AddRuleIdFkToApprovalPolicyRuleProjectLinks: migrating ======
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE approval_policy_rule_project_links ADD CONSTRAINT fk_1c78796d52 FOREIGN KEY (approval_policy_rule_id) REFERENCES approval_policy_rules (id) ON DELETE CASCADE NOT VALID;")
main:    -> 0.0024s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0015s
main: -- execute("ALTER TABLE approval_policy_rule_project_links VALIDATE CONSTRAINT fk_1c78796d52;")
main:    -> 0.0044s
main: -- execute("RESET statement_timeout")
main:    -> 0.0009s
main: == 20240705083349 AddRuleIdFkToApprovalPolicyRuleProjectLinks: migrated (0.0844s) 
main: == [advisory_lock_connection] object_id: 143180, pg_backend_pid: 88958

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Addresses #464034 (closed)