Remove redundant check for creating forks

When we create merge_request feedback we need to be sure
that user can create merge_request.
We don't need check if user can create merge request from fork.
Users with permissions lower than Developer can't create
feedback anyway because of the check in ProjectPolicy

ee/app/policies/vulnerabilities/feedback_policy.rb

@@ -11,8 +11,7 @@ module Vulnerabilities
     rule { issue & ~can?(:create_issue) }.prevent :create_vulnerability_feedback
 
     rule do
-      merge_request &
-        (~can?(:create_merge_request_in) | ~can?(:create_merge_request_from))
+      merge_request & ~can?(:create_merge_request_in)
     end.prevent :create_vulnerability_feedback
 
     rule { ~dismissal }.prevent :destroy_vulnerability_feedback, :update_vulnerability_feedback

ee/spec/policies/vulnerabilities/feedback_policy_spec.rb

@@ -56,8 +56,8 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do
         end
       end
 
-      context 'when user does not have permission to create merge_request from project' do
-        # guest can create merge request IN but not FROM
+      context 'when user does not have developer permission' do
+        # guest can create merge request IN
         let(:guest) { create(:user) }
 
         subject { described_class.new(guest, vulnerability_feedback) }
@@ -68,7 +68,6 @@ RSpec.describe Vulnerabilities::FeedbackPolicy do
 
         it 'does not allow to create merge request feedback' do
           is_expected.to be_allowed(:create_merge_request_in)
-          is_expected.to be_disallowed(:create_merge_request_from)
           is_expected.to be_disallowed(:create_vulnerability_feedback)
         end
       end