Hide scanners that aren't run from pipelines' security report summaries

This follows up on #222374 (closed)

Problem to solve

We currently use the securityReportSummary GraphQL endpoint to fetch the count of vulnerabilities found for each scanners in pipelines' Security report. If a particular scanner did not run, the endpoint isn't "aware" of it and reports 0 vulnerabilities regardless.

Proposal

Adjust the GraphQL endpoint to return nil for scanners that did not run, and handle this properly in the frontend to not render the corresponding lines in the summary.

Implementation plan

backend

• Respond with nil for queried scanners that aren't setup yet

frontend (could most likely be done in #222374 (closed))

• Handle the case where some lines in the report are empty (null) and abort their rendering: this was handled in !35060 (merged)

/cc @craigmsmith @cam.x