
feat(github): add check to ensure previous approvals are dismissed when updates are introduced #10656

Open
raajheshkannaa wants to merge 1 commit into prowler-cloud:master from raajheshkannaa:feat/github-dismiss-stale-reviews-check

Conversation

@raajheshkannaa
Contributor

Description

Add a new GitHub provider check, repository_default_branch_dismiss_stale_reviews_enabled, to verify that repositories have the "Dismiss stale pull request approvals when new commits are pushed" setting enabled on their default branch protection rules.

This implements CIS Control 1.1.4, ensuring that once a code change proposal is updated, all previously granted approvals are invalidated and fresh reviews are required.

Changes

  • Added dismiss_stale_reviews field to the Branch model in repository_service.py
  • Created check implementation following existing GitHub check patterns
  • Created metadata with severity, categories (ci-cd, software-supply-chain), and remediation steps (CLI, console, Terraform)
  • Added 4 unit tests: no repos, disabled (FAIL), enabled (PASS), None/unknown (skipped)
  • All 78 existing GitHub repository tests pass (zero regressions)

Documentation

Fixes #8660

…en updates are introduced

Add repository_default_branch_dismiss_stale_reviews_enabled check to verify
that repositories have the "Dismiss stale pull request approvals when new
commits are pushed" setting enabled on their default branch protection rules.

This implements CIS Control 1.1.4, ensuring that once a code change proposal
is updated, all previously granted approvals are invalidated and fresh reviews
are required.

Changes:
- Added dismiss_stale_reviews field to the Branch model in repository_service.py
- Created check implementation following existing GitHub check patterns
- Created metadata with severity, categories, and remediation steps
- Added 4 unit tests: no repos, disabled (FAIL), enabled (PASS), None (skipped)
- All 78 existing GitHub repository tests pass (zero regressions)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
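To make the PASS / FAIL / skipped behaviour described above concrete, here is an added, self-contained model of such a check. It is example code written for this page, not prowler's own provider service or check implementation: the Branch, Repository and Finding dataclasses, the check function and the example-org repositories are all assumed stand-ins. The one external fact it relies on is the shape of the GitHub branch-protection REST payload, which nests the flag under required_pull_request_reviews.dismiss_stale_reviews; the mapping of a missing review rule to "unknown" is a design choice made here, matching the PR's decision to skip None rather than guess.

```python
"""Illustrative model of a "dismiss stale reviews" branch-protection check.

Added example, not prowler's own code: the dataclasses and the check
function are simplified stand-ins for the provider service and check the
PR adds.
"""
from dataclasses import dataclass
from typing import Any, Optional


@dataclass
class Branch:
    name: str
    # None means the setting could not be determined (no protection rule
    # returned, no pull-request review requirement, or a token without
    # permission to read protection settings).
    dismiss_stale_reviews: Optional[bool] = None


@dataclass
class Repository:
    full_name: str
    default_branch: Optional[Branch] = None


@dataclass
class Finding:
    resource: str
    status: str  # "PASS" or "FAIL"
    status_extended: str


def parse_dismiss_stale_reviews(protection: Optional[dict[str, Any]]) -> Optional[bool]:
    """Map a GitHub branch-protection API payload to the Branch field.

    GET /repos/{owner}/{repo}/branches/{branch}/protection nests the flag
    under "required_pull_request_reviews". When that object is absent no
    pull-request review is required at all, so the dismissal flag is
    undefined and we report None instead of guessing True or False.
    """
    if not protection:
        return None
    reviews = protection.get("required_pull_request_reviews")
    if not isinstance(reviews, dict):
        return None
    value = reviews.get("dismiss_stale_reviews")
    return bool(value) if value is not None else None


def check_dismiss_stale_reviews(repositories: list[Repository]) -> list[Finding]:
    """One finding per repository whose setting is known; unknown states are skipped."""
    findings: list[Finding] = []
    for repo in repositories:
        branch = repo.default_branch
        if branch is None or branch.dismiss_stale_reviews is None:
            continue  # unknown state: emit nothing rather than a misleading PASS/FAIL
        if branch.dismiss_stale_reviews:
            status = "PASS"
            detail = "dismisses stale pull request approvals when new commits are pushed"
        else:
            status = "FAIL"
            detail = "does not dismiss stale pull request approvals when new commits are pushed"
        findings.append(
            Finding(repo.full_name, status, f"Repository {repo.full_name} {detail} on default branch {branch.name}.")
        )
    return findings


# Constructed sample payloads that mimic the API shape (not real repositories).
SAMPLE_PROTECTION_ENABLED = {
    "required_pull_request_reviews": {"dismiss_stale_reviews": True, "required_approving_review_count": 1}
}
SAMPLE_PROTECTION_DISABLED = {
    "required_pull_request_reviews": {"dismiss_stale_reviews": False, "required_approving_review_count": 1}
}
SAMPLE_PROTECTION_NO_REVIEW_RULE = {"required_status_checks": {"strict": True, "contexts": []}}

SAMPLE_REPOS = [
    Repository("example-org/enabled", Branch("main", parse_dismiss_stale_reviews(SAMPLE_PROTECTION_ENABLED))),
    Repository("example-org/disabled", Branch("main", parse_dismiss_stale_reviews(SAMPLE_PROTECTION_DISABLED))),
    Repository("example-org/no-review-rule", Branch("main", parse_dismiss_stale_reviews(SAMPLE_PROTECTION_NO_REVIEW_RULE))),
    Repository("example-org/unprotected", Branch("main", parse_dismiss_stale_reviews(None))),
]


def run_sample() -> dict[str, str]:
    """Return {repository: status} for the constructed sample set."""
    return {f.resource: f.status for f in check_dismiss_stale_reviews(SAMPLE_REPOS)}


if __name__ == "__main__":
    for finding in check_dismiss_stale_reviews(SAMPLE_REPOS):
        print(finding.status, finding.status_extended)
```

Running it yields exactly two findings: a PASS for the enabled repository and a FAIL for the disabled one; the repository without a review rule and the unprotected repository produce nothing, which mirrors the PR's fourth test case. Whether a missing review rule should instead be a FAIL is worth deciding deliberately in a real check, since a default branch with no required reviews at all is weaker than one with stale-review dismissal turned off.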
@raajheshkannaa raajheshkannaa requested review from a team as code owners April 11, 2026 02:42
@github-actions github-actions bot added labels provider/github (Issues/PRs related with the Github provider), metadata-review, community (Opened by the Community) on Apr 11, 2026
@github-actions
Contributor

Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

@codecov

codecov bot commented Apr 11, 2026

Codecov Report

❌ Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.04%. Comparing base (e4b2950) to head (6e0f430).
⚠️ Report is 5 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (e4b2950) and HEAD (6e0f430).

HEAD has 1 upload less than BASE
Flag BASE (e4b2950) HEAD (6e0f430)
api 1 0
Additional details and impacted files
@@             Coverage Diff             @@
##           master   #10656       +/-   ##
===========================================
- Coverage   93.60%   78.04%   -15.57%     
===========================================
  Files         227       33      -194     
  Lines       31906     1143    -30763     
===========================================
- Hits        29867      892    -28975     
+ Misses       2039      251     -1788     
Flag Coverage Δ
api ?
prowler-py3.10-github 78.04% <90.00%> (?)
prowler-py3.11-github 78.04% <90.00%> (?)
prowler-py3.12-github 78.04% <90.00%> (?)

Flags with carried forward coverage won't be shown.

Components Coverage Δ
prowler 78.04% <90.00%> (∅)
api ∅ <ø> (∅)


Development

Successfully merging this pull request may close these issues.

Add Github check to ensure Previous Approvals Are Dismissed When Updates Are Introduced to a Code Change Proposal
