Make secondary identifier matching if there is no signatures match and no uuid match
The following quotation has been extracted from #322384 (comment 582225105)
We need to make this change because of the following reason.
Suppose, there is a `semgrep` finding in a project's master branch pipeline. Now, we are going to change the primary identifier of semgrep to bandit identifier. Now, after triggering a pipeline in the new MR, we will notice that the same `semgrep` finding has been attributed as `fixed` and `added`. In order to resolve this issue, we need to use secondary identifier matching.
We need to perform the matching in StoreReportService, because that is where the actual remapping happens while findings are persisted. Following is an excerpt from this comment.
Most of the solution seems focused on `VulnerabilityReportsComparer` but that service is only used for displaying the diff within the UI, not for the actual remapping that must be done within `StoreReportService`. We should be sure to update that worker in order to persist different findings rather than only show the diff within the UI.
Summary
We need to find a solution using secondary matching in StoreReportService rather than VulnerabilityReportsComparer. This also removes the burden of matching from the UI diff display. In this comment, we discussed performance concerns as well; during implementation, we need to monitor how much this affects performance.
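To make the fallback order concrete, here is an added example (not GitLab's own code) modelling the three stages: signature match, then UUID match, then secondary identifier match. The `Finding` shape, the "same location plus any shared identifier" heuristic for stage 3, and the sample findings are assumptions made for illustration.

```ruby
# Added example, not GitLab's code. Finding shape, the stage-3 heuristic and
# the sample data below are assumptions for illustration.
Finding = Struct.new(:uuid, :signatures, :identifiers, :location, keyword_init: true)

# Stage 1: any tracking signature in common.
def signature_match?(a, b)
  !(a.signatures & b.signatures).empty?
end

# Stage 2: identical UUID.
def uuid_match?(a, b)
  a.uuid == b.uuid
end

# Stage 3 (assumed heuristic): same location and at least one identifier in
# common, primary or secondary, so a swapped primary identifier still matches.
def secondary_identifier_match?(a, b)
  a.location == b.location && !(a.identifiers & b.identifiers).empty?
end

# Pair each existing finding with at most one incoming finding, trying the stages
# in order. Unmatched existing findings are "fixed", unmatched incoming "added".
def match_findings(existing, incoming)
  stages = [:signature_match?, :uuid_match?, :secondary_identifier_match?]
  remaining = incoming.dup
  matched = []
  fixed = []
  existing.each do |old|
    partner = nil
    stages.each do |stage|
      partner = remaining.find { |n| send(stage, old, n) }
      break if partner
    end
    if partner
      matched << [old, partner]
      remaining.delete(partner)
    else
      fixed << old
    end
  end
  { matched: matched, added: remaining, fixed: fixed }
end

# Constructed sample: the same semgrep finding before and after its primary
# identifier changed to the bandit one; signatures and UUID both differ.
OLD_FINDING = Finding.new(uuid: "uuid-old", signatures: ["sig-old"], location: "app.py:12",
                          identifiers: ["semgrep_id:bandit.B101", "bandit_test_id:B101", "cwe:703"])
NEW_FINDING = Finding.new(uuid: "uuid-new", signatures: ["sig-new"], location: "app.py:12",
                          identifiers: ["bandit_test_id:B101", "semgrep_id:bandit.B101", "cwe:703"])
```

With only stages 1 and 2 the sample pair would come out as one `fixed` and one `added` finding, which is exactly the symptom described above; stage 3 pairs them.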