feat(ui): allow change request submitter to cancel their own request

[IgorHorta]

Context

Previously, the "Close request" button in the Secret Approval Request UI was only visible to:

• Users who are approvers, OR
• When soft enforcement is enabled

This meant that CR submitters who are not in the approvers list could not cancel their own change requests from the UI, even though the backend already supports this operation.

This PR adds the isCommitter prop to enable the Close button for the CR submitter, allowing them to cancel their own requests.

Related: SECRETS-73

Screenshots

Steps to verify the change

1. Create a user who is NOT an approver for a secret approval policy
2. Have that user create a secret change that triggers a change request
3. Navigate to the Secret Approvals page and view the change request
4. Verify the "Close request" button is now visible and functional
5. Verify the "Merge" button is still disabled (as expected - user is not an approver)

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
• Tested locally
• Updated docs (if needed)
• Read the contributing guide

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds UI support for change request submitters to cancel their own requests. The backend already authorizes committers to close/reopen their requests (verified in secret-approval-request-service.ts:539-545), so this change simply exposes that capability in the frontend.

Changes:

• Added isCommitter prop to SecretApprovalRequestAction component
• Modified the Close button visibility condition from canApprove || isSoftEnforcement to canApprove || isSoftEnforcement || isCommitter
• Computed isCommitter flag in the parent component by comparing committerUserId with current user's ID
• Refactored shouldBlockSelfReview calculation to reuse the isCommitter variable

Impact:

• Users who submitted a change request can now see and use the "Close request" button, even if they're not approvers
• The Merge button remains correctly disabled for non-approvers
• No security concerns - backend already validates this authorization

Confidence Score: 5/5

• This PR is safe to merge with no identified issues
• The changes are minimal, well-scoped, and align with existing backend authorization logic. The implementation is clean with proper variable reuse
• No files require special attention

Important Files Changed

Filename	Overview
frontend/src/pages/secret-manager/SecretApprovalsPage/components/SecretApprovalRequest/components/SecretApprovalRequestAction.tsx	Added isCommitter prop to enable Close button visibility for change request submitters
frontend/src/pages/secret-manager/SecretApprovalsPage/components/SecretApprovalRequest/components/SecretApprovalRequestChanges.tsx	Computed isCommitter flag and passed it to SecretApprovalRequestAction component, refactored shouldBlockSelfReview to use the new variable

[victorvhs017]

Tested and everything is working!