Add weighting guidelines to Static Analysis group page

Why is this change being made?

This restores weighting guidelines that were removed in Secure planning (!12048 - merged) • Thiago Figueiró. The original intent was for each group to add their own definitions, but groupstatic analysis hasn't yet documented group-specific guidelines, leaving engineers without clear criteria for estimating issue effort.

The original weighting table was removed because each team might have their own definition of weights, with the understanding that groups would add their own versions as needed. This creates a practical gap: engineers need weighting guidelines for refinement and capacity planning, but currently have no documented reference.

This MR documents the weighting approach that groupstatic analysis currently uses. It restores the original AST-wide weighting scale (Fibonacci: 1, 2, 3, 5, 8, 13) as our baseline, which reflects existing practice rather than proposing a new system. This same baseline is available for adoption by other groups in devopsapplication security testing if useful.

Context: This came up when preparing capacity planning for upcoming milestones and discovering no documented scale exists for groupstatic analysis. I asked for clarification in #s_application-security-testing (internal link).

Author and Reviewer Checklist

Please verify the check list and ensure to tick them off before the MR is merged.

• Provided a concise title for this Merge Request (MR)
• Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
  • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
• Assign reviewers for this MR to the correct
  • The when to get approval handbook section explains when DRI approval is required
  • The who can approve handbook section explains how to identify the DRI
  • If the MR does not require DRI approval, consider asking someone on your team, such as your manager.
  • The approver may merge the MR. If they approve but don't merge, you can merge.
• For transparency, share this MR with the audience that will be impacted.
  • Team: For changes that affect your direct team, share in your group Slack channel
  • Department: If the update affects your department, share the MR in your department Slack channel
  • Division: If the update affects your division, share the MR in your division Slack channel
  • Company: If the update affects all (or the majority of) GitLab team members, post an update in #whats-happening-at-gitlab linking to this MR
    • For high-priority company-wide announcements work with the internal communications team to post the update in #company-fyi and align on a plan to circulate in additional channels like the "While You Were Iterating" Newsletter

Commits

• Update file _index.md

---