Add vulnerabilities field to project.pipeline query

Why are we doing this work

We need to align the vulnerabilities calls for pipelines to match the vulnerabilities calls for project and group. This will help the FE to have more consistent code. Currently, we have project.pipeline.securityReportFindings, but it's formatted differently than other vulnerabilities. We will create a new field that matches the output for the existing fields for project and group, but filling in data that does not exist with null. It will still use Security Findings for its response, but will format those findings like vulnerabilities.

This issue is specifically to create the new project.pipeline.vulnerabilities field. Deprecation of the project.pipeline.securityReportFindings call will be handled in #343475.

Relevant links

• Deprecation Issue

Non-functional requirements

• Documentation: Update GraphQL documentation
• Testing: Add tests for new field

Implementation plan

• backend Create new vulnerabilities field for project.pipeline. We may be able to use the same resolver as project.vulnerabilties with some modifications to account for missing fields.
• backend Create tests