Draft: PoC: refactor CI policies to be more explicit
Related to #552346 (closed)
This code change refactors and improves the permission system for CI/CD jobs and pipeline triggers in a GitLab-like application. The main changes include:
Permission Renaming & Consolidation: Several generic permissions like update_build, admin_build, and manage_trigger are being replaced with more specific, descriptive permissions such as play_job, retry_job, manage_job_artifacts, and manage_pipeline_trigger. This makes it clearer what each permission actually allows users to do.
Code Organization: A new ProcessablePolicy class is introduced to better organize shared permission logic between different types of CI jobs (builds and bridges), reducing code duplication and making the permission structure more maintainable.
Security Improvements: The changes add more granular permission checks, particularly around job artifact management and pipeline triggers, ensuring users only have access to the specific actions they're authorized to perform.
Technical Debt Reduction: The code includes TODO comments indicating areas that need further cleanup, showing this is part of a larger effort to modernize the permission system. Some legacy permission names are kept temporarily to avoid breaking existing functionality.
Overall, this refactoring makes the permission system more secure, easier to understand, and better organized while maintaining backward compatibility during the transition period.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.