WIP: Add scope :subject for prometheus_alerts policy

What does this MR do?

This MRs adds a missing with_scope :subject to the prometheus_alerts policy.

Not sure why it was removed in 681f2ee5 and why the specs still pass, though.

It's probably something about scope caching as described in https://docs.gitlab.com/ee/development/policies.html#scope:

DANGER: If you use a :scope option when the condition actually uses data from both user and subject (including a simple anonymous check!) your result will be cached at too global of a scope and will result in cache bugs.

Does this MR meet the acceptance criteria?

Conformity

• [-] Changelog entry
• [-] Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• [-] Database guides
• Separation of EE specific content

Availability and Testing

• [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• [-] Tested in all supported browsers
• [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• [-] Label as security and @ mention @gitlab-com/gl-security/appsec
• [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• [-] Security reports checked/validated by a reviewer from the AppSec team