bot auto-create merge request - status evaluation

Time boxed assessment (research and re-refinement) of the objective to have the bot auto-create a merge request

  1. Are we unblocked now that Backend: Enable a ci_token permission flow for ... (#346298 - closed) is complete?
  2. As it has been a while since the work was defined and refined, and there may need to be changes because of the above, check on the bot and assess if any additional issues are needed. For example, we may need to modify the way the bot is working based on - or we may need documentation steps to tell a user to take specific steps to enable the bot. Relook at the entire thing and make sure the bot meets the objectives, and if anything is missing, create an issue in this epic to address it.
  3. If major changes aren't needed, please review the appsec review documents: https://gitlab.com/gitlab-org/gitlab/-/issues/343393#note_709049057 so we can have it reviewed.

AR bot objectives:

  • user can enable bot to create MRs when there are suggested solutions
  • user can see status (if bot enabled or not)
  • user can find bot-created MRs
  • user can see which findings the bot has actioned on the vuln list
  • the user documents are updated to explain how you enable or disable the bot as well as how the bot works (how often it runs, what it does); you may also need to augment/create documentation around suggested solutions
  • make sure enough tests are in place
Edited by Nicole Schwartz