
[BE] Add fields to the PipelineSecurityReportFinding GraphQL type

As part of migrating the pipeline security dashboard to GraphQL, we need to add several fields to the `PipelineSecurityReportFinding` type.

Fields currently used when displaying vulnerability details (ee/app/assets/javascripts/vulnerabilities/components/vulnerability_details.vue):
  • location
  • stacktraceSnippet
  • scanner
  • evidenceSource
  • supportingMessages
  • request
  • response
  • description
  • title
  • severity
  • evidence
  • links
  • identifiers
  • assets
  • uuid
Current `PipelineSecurityReportFinding` fields:
  • confidence
  • description
  • identifiers
  • location
  • name
  • project
  • projectFingerprint
  • reportType
  • scanner
  • severity
  • solution
  • state
  • uuid

Based on that, the following fields are missing:

  • stacktraceSnippet
  • evidenceSource
  • supportingMessages
  • request
  • response
  • title
  • evidence
  • links
  • assets

Additional info

https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/serializers/vulnerabilities/finding_entity.rb seems to contain all the fields mentioned above, so that file can be used to double-check the list of missing fields.

If possible, make sure to return the same structure as used in https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/helpers/vulnerabilities_helper.rb#L10. This will help us reuse the same logic we have for the vulnerability details page in the frontend.

Implementation Plan

  1. Create the following new GraphQL types, which are based on the findings from Technical Spike: Define GraphQL schema to support migration for Vulnerability Details:

    type VulnerabilityEvidence {
      summary: String
      supportingMessages: [VulnerabilityEvidenceSupportingMessage]
      source: VulnerabilityEvidenceSource
      request: [VulnerabilityRequest!]
      response: [VulnerabilityResponse!]
    }
    
    type VulnerabilityEvidenceSupportingMessage {
      name: String!
      request: [VulnerabilityRequest]
      response: [VulnerabilityResponse]
    }
    
    type VulnerabilityEvidenceSource {
      id: String!
      name: String!
      url: String
    }
    
    type VulnerabilityRequestResponseHeader {
      name: String
      value: String
    }
    
    type VulnerabilityRequest {
      body: String
      method: String!
      url: String!
      headers: [VulnerabilityRequestResponseHeader!]
    }
    
    type VulnerabilityResponse {
      body: String
      statusCode: String!
      reasonPhrase: String!
      headers: [VulnerabilityRequestResponseHeader!]
    }
    
    type VulnerabilityAsset {
      type: String!
      name: String!
      url: String!
    }
    
    # Check ee/lib/ee/gitlab/ci/parsers/security/validators/schemas/coverage-fuzzing-report-format.json
    # for more details
    type VulnerabilityLocationCoverageFuzzing {
      crashType: String
      crashAddress: String
      stacktraceSnippet: String
    }
  2. Extend PipelineSecurityReportFindingType to add the following fields, based on the new types added in step 1:

    extend type PipelineSecurityReportFinding {
      assets: [VulnerabilityAsset]
      evidence: VulnerabilityEvidence
      title: String # alias for `name`, which will be deprecated
      stacktraceSnippet: VulnerabilityLocationCoverageFuzzing
    }
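As an added illustration of the evidence types proposed in step 1 (example code written for this issue, not GitLab's own resolver code), the plain-Ruby mapper below turns a finding's evidence hash into the shape of `VulnerabilityEvidence`, enforcing the `String!` fields and the list-typed `request`/`response`. The report key names (`source`, `request`, `response`, `supporting_messages`, `status_code`, `reason_phrase`) and the sample evidence are assumptions, not taken from a real report.

```ruby
# Added example, not GitLab's code: map a finding's evidence hash into the shape of
# the VulnerabilityEvidence GraphQL type proposed above. Input key names (source,
# request, response, supporting_messages, status_code, reason_phrase) are assumed.
# Non-null schema fields (String!) must be present: fail loudly on a malformed report.
def require_field(hash, key)
  hash.fetch(key) { raise ArgumentError, "missing required field '#{key}'" }
end

# The proposed schema declares request/response as lists; normalise one-or-many to an array.
def wrap(value)
  value.is_a?(Array) ? value : [value].compact
end

def map_headers(headers)
  wrap(headers).map { |h| { name: h['name'], value: h['value'] } }
end

def map_request(req)
  { body: req['body'], method: require_field(req, 'method'),
    url: require_field(req, 'url'), headers: map_headers(req['headers']) }
end

def map_response(res)
  { body: res['body'], statusCode: require_field(res, 'status_code').to_s,
    reasonPhrase: require_field(res, 'reason_phrase'), headers: map_headers(res['headers']) }
end

def map_evidence(evidence)
  return nil if evidence.nil?
  source = evidence['source']
  { summary: evidence['summary'],
    source: source && { id: require_field(source, 'id'), name: require_field(source, 'name'), url: source['url'] },
    request: wrap(evidence['request']).map { |r| map_request(r) },
    response: wrap(evidence['response']).map { |r| map_response(r) },
    supportingMessages: wrap(evidence['supporting_messages']).map { |m|
      { name: require_field(m, 'name'), request: wrap(m['request']).map { |r| map_request(r) },
        response: wrap(m['response']).map { |r| map_response(r) } }
    } }
end

# Constructed sample evidence (not from a real scan), in the assumed report shape.
SAMPLE_EVIDENCE = {
  'summary' => 'Response reflects the injected marker',
  'source' => { 'id' => 'assert:Response Body Analysis', 'name' => 'Response Body Analysis' },
  'request' => { 'method' => 'GET', 'url' => 'http://app.example/search?q=marker',
                 'headers' => [{ 'name' => 'Accept', 'value' => '*/*' }] },
  'response' => { 'status_code' => 200, 'reason_phrase' => 'OK', 'body' => '<p>marker</p>' },
  'supporting_messages' => [{ 'name' => 'Recorded', 'request' => { 'method' => 'GET', 'url' => 'http://app.example/' } }]
}.freeze
```

Calling `map_evidence(SAMPLE_EVIDENCE)` yields a hash whose keys match the SDL field names, so it can be returned directly from a resolver; a report missing a `String!` field raises before anything reaches the frontend.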
Edited by Adam Cohen