Provide way to mass delete vulnerabilities from vulnerability list

Proposal

In certain cases an organization wants to mass delete vulnerabilities from a given project or group. We should consider providing a way of doing this.

There are many compliance controls to consider here as well, since this capability has potential for abuse; we might limit it to instance administrators or Owners.

Workaround

See #235894 (comment 399055337) for script used previously

More info

Needs problem validation. The need to clean up old or irrelevant vulnerabilities (mostly SAST false positives) is clear. What isn't clear is the best way to allow deleting vulnerability records in a controlled or restricted manner. Removing vulnerability records is a dangerous action that needs to be limited to very few individuals. It also needs to be traceable, at least insofar as recording who deleted what, and when.

Another direction we might explore: much like compliance frameworks, which work at the group level, what if we created vulnerability removal capabilities there as well? You would then specify which users had rights to remove records per project, or perhaps even at the group/sub-group level. This gets around the limitations of our existing limited roles. It is also far more scalable and manageable than only being able to do it at the project level (Philippe's concern).

We do have a manual cleanup script that can be deployed on SaaS or provided to self-managed customers if required. This feature is important, but not urgent.

Edited by Becka Lippert