Existing security policies are accessible in premium plans

Description:

Scan result policy approval requirements are still enforced for merge requests (MRs) on premium plans even after the plan is downgraded to premium plan, even though the policies are no longer accessible.

Steps to reproduce:

• Configure a scan result policy that requires approvals for MRs in the secure -> policies page on an ultimate plan.
• Create an MR and notice that the policy is applied and requires approval.
• Downgrade the plan to premium.
• Create a new MR.
• Observe that the scan result policy approval requirement is still enforced and the MR requires approval.

Expected behavior:

After downgrading the plan to premium, the scan result policy approval requirement should no longer be enforced and MRs should not require approval as the security policies are dedicated to ultimate subscriptions.

Actual behavior:

The scan result policy approval requirement is still enforced even after downgrading the plan to premium.

Workaround

Permanently delete the security policy project. Deleting the first time round would schedule it for deletion, it needs to be deleted completely.