Merge Request page has requests that error 404 when user does not have access to SAST and DAST reports

If you load an MR, for example !29128 (merged), and look at a console you see two requests that are result in 404's:

• https://gitlab.com/gitlab-org/gitlab/-/vulnerability_feedback?category=sast
• https://gitlab.com/gitlab-org/gitlab/-/vulnerability_feedback?category=dast

---

This does not happen on a user account with "Developer" permissions, but is appearing for a user with "Guest" permissions.

Acceptance Criteria

1. User without permission for SAST and DAST reports (i.e. "Guest") does not attempt the two AJAX requests.
2. User with permissions for SAST and DAST reports (i.e. "Developer") does attempt and successfully completes the two AJAX requests.

Technical notes

The source of the two requests is in these two if checks:

https://gitlab.com/gitlab-org/gitlab/blob/e61e29a0ce22946c42eb3ff7a6d6aa331a63ed9f/ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue#L209-226

    if (sastDiffEndpoint && this.hasSastReports) {
      ...
    }
    if (dastDiffEndpoint && this.hasDastReports) {
      ...
    }

It doesn't check if the user has access to the SAST and DAST reports, so we need to add in that check.