Log and advise about push-rule-rejected commit

Because the GitLab Shell log doesn't include another detail
that references other GitLab components [1],
it is very difficult to find out where and
why exactly a certain push rule was broken.

This commit adds the commit's SHA into that output
and suggests a next step to the user.

[1] https://gitlab.com/gitlab-org/gitlab/-/blob/14-0-stable-ee/doc/administration/logs.md#gitlab-shelllog

Changelog: changed
EE: true

doc/push_rules/push_rules.md

@@ -39,6 +39,12 @@ Now when a user tries to push a commit with a message `Bugfix`, their push is
 declined. Only pushing commits with messages like `Bugfix according to JIRA-123`
 is accepted.
 
+The error message includes the rejected commit's SHA.
+To resolve such errors, commit again with a matching message,
+[rebase and reword](../topics/git/numerous_undo_possibilities_in_git/index.md#how-to-change-history),
+or [amend](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---amend)
+that commit's message locally.
+
 ### Restrict branch names
 
 If your company has a strict policy for branch names, you may want the branches to start

ee/lib/ee/gitlab/checks/push_rules/commit_check.rb

@@ -42,11 +42,11 @@ module EE
           # In case of errors - all other checks will be canceled and push will be rejected.
           def check_commit(commit)
             unless push_rule.commit_message_allowed?(commit.safe_message)
-              return "Commit message does not follow the pattern '#{push_rule.commit_message_regex}'"
+              return "Commit rejected: Commit message of #{Commit.truncate_sha(commit.id)} does not follow the pattern '#{push_rule.commit_message_regex}'. See https://docs.gitlab.com/ee/push_rules/push_rules.html#commit-messages-with-a-specific-reference for advice."
             end
 
             if push_rule.commit_message_blocked?(commit.safe_message)
-              return "Commit message contains the forbidden pattern '#{push_rule.commit_message_negative_regex}'"
+              return "Commit rejected: Commit message of #{Commit.truncate_sha(commit.id)} contains the forbidden pattern '#{push_rule.commit_message_negative_regex}'. See https://docs.gitlab.com/ee/push_rules/push_rules.html#commit-messages-with-a-specific-reference for advice."
             end
 
             unless push_rule.author_email_allowed?(commit.committer_email)

ee/spec/lib/ee/gitlab/checks/push_rules/commit_check_spec.rb

@@ -12,14 +12,14 @@ RSpec.describe EE::Gitlab::Checks::PushRules::CommitCheck do
       it_behaves_like 'check ignored when push rule unlicensed'
 
       it 'returns an error if the rule fails due to missing required characters' do
-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "Commit message does not follow the pattern '#{push_rule.commit_message_regex}'")
+        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "Commit rejected: Commit message of 54fcc214 does not follow the pattern '#{push_rule.commit_message_regex}'. See https://docs.gitlab.com/ee/push_rules/push_rules.html#commit-messages-with-a-specific-reference for advice.")
       end
 
       it 'returns an error if the rule fails due to forbidden characters' do
         push_rule.commit_message_regex = nil
         push_rule.commit_message_negative_regex = '.*'
 
-        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "Commit message contains the forbidden pattern '#{push_rule.commit_message_negative_regex}'")
+        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "Commit rejected: Commit message of 54fcc214 contains the forbidden pattern '#{push_rule.commit_message_negative_regex}'. See https://docs.gitlab.com/ee/push_rules/push_rules.html#commit-messages-with-a-specific-reference for advice.")
       end
 
       it 'returns an error if the regex is invalid' do