Check if security scans have not been performed in MR [backend issue]

backend issue for #198496 (closed)

Implementation plan

1. Hide all work behind the feature flag (discuss its name with frontend counterpart).
2. Compare Security::Scan objects created for the main branch and Merge Request branch. Check if there are differences.
3. Add results for the previous step to EE::MergeRequestPollCachedWidgetEntity (name of the field is should be discussed with frontend counterpart) so it's a part of /merge_requests/:id/cached_widget.json.json response. We did similar feature for Found denied licenses with License Compliance
4. Feature policy: The field that is added to the previous step is should be accessible for those who can access project pipelines.