Vulnerabilities GraphQL query does not return vulnerabilities

Why are we doing this work

When querying vulnerabilities as the top-level query, a filtered query returns no vulnerabilities unless they exist in the user security dashboard. We need this call to be more in line with what a user might expect. Nothing in the GraphQL query itself indicates that the results are filtered to the user security dashboard.

Steps to reproduce

Run the GraphQL query:

{
  vulnerabilities(projectId: "gid://gitlab/Project/6102100") {
    nodes {
      title
    }
  }
}

The response will contain no vulnerabilities.

However, the equivalent query on project does produce results.

Any project will exhibit this behavior, but https://gitlab.com/gitlab-examples/security/security-reports is a good one to test on.

Relevant links

Non-functional requirements

  • Documentation: Update GraphQL documentation and GitLab docs if necessary
  • Testing: Add tests for error conditions and new filters

Implementation plan

  • backend Add security_center_dashboard boolean flag to vulnerabilities query to indicate the results should be restricted to the User Security Dashboard projects
  • frontend Add user_security_dashboard to call from the User Security Dashboard
  • backend Add groups filter to the vulnerabilities query
  • backend Update VulnerabilitiesBaseResolver vulnerable method to check for groups and projects as arguments
  • backend Return an error if projects, groups, and user security dashboard are all absent:
    • "A filter must be provided through projects, groups, or user_security_dashboard"
Edited by Jonathan Schafer
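
The scoping rule from the implementation plan, as an added sketch in plain Ruby (not GitLab's resolver code). The method, constants and sample data are hypothetical, the flag uses the user_security_dashboard spelling from the error message, and two behaviours are assumptions: filters combine as a union, and the result is intersected with the projects the user can read.

```ruby
# Added illustration, not GitLab code. Only the argument names and the error
# message come from the implementation plan; everything else is hypothetical.
FILTER_REQUIRED_MESSAGE =
  'A filter must be provided through projects, groups, or user_security_dashboard'

class FilterRequiredError < ArgumentError; end

# Constructed sample data: project id => group id, and per-user project lists.
PROJECT_GROUPS     = { 1 => 10, 2 => 10, 3 => 20, 4 => 30 }.freeze
DASHBOARD_PROJECTS = { 'alice' => [3] }.freeze
READABLE_PROJECTS  = { 'alice' => [1, 2, 3] }.freeze

# Returns the sorted project ids whose vulnerabilities the query may return.
def vulnerable_project_ids(user, project_ids: nil, group_ids: nil,
                           user_security_dashboard: false)
  projects = Array(project_ids) # accepts a single id or a list
  groups   = Array(group_ids)

  # No implicit default scope: an unfiltered call is an error, not an
  # empty result that looks like "this project has no vulnerabilities".
  if projects.empty? && groups.empty? && !user_security_dashboard
    raise FilterRequiredError, FILTER_REQUIRED_MESSAGE
  end

  # Assumption: the supplied filters are combined as a union.
  scope = projects.dup
  scope.concat(PROJECT_GROUPS.select { |_, group| groups.include?(group) }.keys)
  scope.concat(DASHBOARD_PROJECTS.fetch(user, [])) if user_security_dashboard

  # Assumption: explicit ids never widen access; unreadable projects drop out.
  (scope.uniq & READABLE_PROJECTS.fetch(user, [])).sort
end
```

With this rule, a project filter alone returns that project's results even when the project is not on the caller's dashboard, which is the behaviour the issue asks for.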