Add Security Reports logic

What does this MR do?

Add EE specific logic on top of Extend reports to support security features to allow Security reports to be collected.

This MR also adds a SAST parser that convert report data into non persisted AR models

This MR adds a dummy SAST parser, implementation is coming in a separate MR.

NB: This MR also currently includes the diff with CE code until CE to EE MR gets merged.

TODO:

• check the exclusive lease key, now that we store per pipeline but also try to reuse occurrences, the concurrency handling is different
• fix existing code to adapt to the new occurrence_pipelines join model
• complete test suite
• disable store report feature_flag (https://docs.gitlab.com/ee/development/rolling_out_changes_using_feature_flags.html#undefined-feature-flags-default-to-quot-on-quot)

What's next?

• update data retention period policy (https://gitlab.com/gitlab-org/gitlab-ee/issues/7595) to align with our new model
• address n+1 problem (bulk_insert and bulk_upsert). See https://gitlab.com/gitlab-org/gitlab-ee/issues/8091

What are the relevant issue numbers?

#6717 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added, if necessary
• Documentation created/updated
• Tests added for this feature/bug
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the database guides
• EE specific content should be in the top level /ee folder
• For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?