
Add a new key to security reports to compare vulnerabilities

Description

This follows the discussion on https://gitlab.com/gitlab-org/gitlab-ee/issues/5660 about how the MR widget (frontend) computes the diff between the source and target branch reports to generate the list of issues.

Currently it relies on the cve field of a vulnerability, but this is not a reliable field: it is not always present, and even when it is, it is not always the best key to compare with.

Proposal

Add a new project_fingerprint property to the vulnerability object, dedicated to this comparison task, so that it does not interfere with other metadata that may be displayed in the UI.

For DB reasons this must be a fixed-length value, so we need to generate a SHA-1 hash (40 hex characters) over the fields that identify the finding. Those fields must be ones that stay stable between the source and target branch, otherwise the same finding would get a different fingerprint on each side and the diff would report it as both fixed and added.
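As an added illustration of the proposal (example code, not GitLab's own implementation), the snippet below derives a fixed-length project_fingerprint with SHA-1 and uses it as the sole key when diffing a source-branch report against a target-branch report. Which fields feed the hash (category, location file, sorted identifiers), the `compare_reports` helper and the two sample reports are all assumptions made for the example; note that the second sample finding has no cve field at all, which is exactly the case the current cve-based comparison cannot handle.

```ruby
require 'digest'

# Hypothetical choice of fingerprint inputs (an assumption for this example, not
# the issue's specification): fields that identify a finding and stay stable
# between branches. Free-text fields such as 'message' are deliberately left
# out so that a reworded description does not change the fingerprint.
def project_fingerprint(vuln)
  identifiers = vuln.fetch('identifiers', [])
                    .map { |id| "#{id['type']}:#{id['value']}" }
                    .sort
  parts = [
    vuln.fetch('category'),
    vuln.fetch('location', {}).fetch('file', ''),
    identifiers.join(','),
  ]
  # SHA-1 hexdigest is always 40 hex characters, satisfying the fixed-length
  # storage requirement. A control character separates the parts so that
  # "ab"+"c" and "a"+"bc" cannot collide by accident.
  Digest::SHA1.hexdigest(parts.join("\x1f"))
end

# Diff two reports using only the fingerprint as the comparison key.
# Returns findings new in source, fixed in source, and present on both sides.
def compare_reports(source, target)
  src = source.map { |v| [project_fingerprint(v), v] }.to_h
  tgt = target.map { |v| [project_fingerprint(v), v] }.to_h
  {
    added:    (src.keys - tgt.keys).map { |k| src[k] },
    fixed:    (tgt.keys - src.keys).map { |k| tgt[k] },
    existing: (src.keys & tgt.keys).map { |k| src[k] },
  }
end

# Constructed sample reports (not real scanner output).
TARGET_REPORT = [
  { 'category' => 'dependency_scanning',
    'message' => 'Regular expression DoS in lodash',
    'cve' => 'CVE-2018-3721',
    'location' => { 'file' => 'package.json' },
    'identifiers' => [{ 'type' => 'cve', 'value' => 'CVE-2018-3721' }] },
  { 'category' => 'sast',                       # no cve field at all
    'message' => 'Possible command injection',
    'location' => { 'file' => 'app/run.rb' },
    'identifiers' => [{ 'type' => 'cwe', 'value' => 'CWE-78' }] },
]

SOURCE_REPORT = [
  { 'category' => 'sast',                       # same finding, reworded message
    'message' => 'Possible OS command injection',
    'location' => { 'file' => 'app/run.rb' },
    'identifiers' => [{ 'type' => 'cwe', 'value' => 'CWE-78' }] },
  { 'category' => 'sast',                       # new finding on the source branch
    'message' => 'Hard-coded credential',
    'location' => { 'file' => 'config/db.rb' },
    'identifiers' => [{ 'type' => 'cwe', 'value' => 'CWE-798' }] },
]

if __FILE__ == $PROGRAM_NAME
  result = compare_reports(SOURCE_REPORT, TARGET_REPORT)
  result.each do |kind, findings|
    puts "#{kind}:"
    findings.each { |v| puts "  #{project_fingerprint(v)}  #{v['message']}" }
  end
end
```

Running the script lists the lodash finding as fixed, the hard-coded credential as added, and the command injection as existing, even though it carries no cve field and its message changed between branches.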

Links / references

https://gitlab.com/gitlab-org/gitlab-ee/issues/5660

Edited by Olivier Gonzalez