Create Merge Request From Remediated Vulnerability Solution

What does this MR do?

Adds support for creating a Merge Request from a Vulnerability Solution

• Add MergeRequests::CreateFromVulnerabilityDataService
• Add new Vulnerabilities::Feedback#feedback_type of 'merge_request'

Fixes https://gitlab.com/gitlab-org/gitlab-ee/issues/9224

Database checklist

• Conforms to the database guides

When adding migrations:

• Updated db/schema.rb
• Added a down method so the migration can be reverted
• Added the output of the migration(s) to the MR body
• Added tests for the migration in spec/migrations if necessary (e.g. when migrating data)

❯ be rails db:migrate
== 20190129013538 AddMergeRequestIdToVulnerabilityFeedback: migrating =========
-- add_column(:vulnerability_feedback, :merge_request_id, :integer, {:null=>true})
   -> 0.0007s
== 20190129013538 AddMergeRequestIdToVulnerabilityFeedback: migrated (0.0007s)

== 20190301182031 AddMergeRequestIdIndexOnVulnerabilityFeedback: migrating ====
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:vulnerability_feedback, :merge_request_id, {:algorithm=>:concurrently})
   -> 0.0018s
-- execute("SET statement_timeout TO 0")
   -> 0.0004s
-- add_index(:vulnerability_feedback, :merge_request_id, {:algorithm=>:concurrently})
   -> 0.0030s
-- execute("RESET ALL")
   -> 0.0004s
-- transaction_open?()
   -> 0.0000s
-- foreign_keys(:vulnerability_feedback)
   -> 0.0016s
-- execute("ALTER TABLE vulnerability_feedback\nADD CONSTRAINT fk_563ff1912e\nFOREIGN KEY (merge_request_id)\nREFERENCES merge_requests (id)\nON DELETE SET NULL\nNOT VALID;\n")
   -> 0.0008s
-- execute("SET statement_timeout TO 0")
   -> 0.0003s
-- execute("ALTER TABLE vulnerability_feedback VALIDATE CONSTRAINT fk_563ff1912e;")
   -> 0.0027s
-- execute("RESET ALL")
   -> 0.0005s
== 20190301182031 AddMergeRequestIdIndexOnVulnerabilityFeedback: migrated (0.0120s)

When adding foreign keys to existing tables:

• Included a migration to remove orphaned rows in the source table before adding the foreign key
• Removed any instances of dependent: ... that may no longer be necessary

General checklist

• Changelog entry added, if necessary
• Documentation created/updated
• Tests added for this feature/bug
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides