Add another layer of reviews for SAST scan reports
Proposal
We need a workflow for "false positive" review, and a way to scale it across multiple projects/teams and a large number of vulns.
For example, when we have at least 1000 critical SAST vulns, we don't want one person to be able to review and dismiss vulns as false positives on their own; we need a second reviewer and approver.
The suggested workflow:
- Developers review vulns on the Security dashboard
- After review, the developers mark the vulns as "potential false positive" and provide a comment against each vuln
- The proposed "false positive" will be assigned to the security team (or a user) to review the proposed vulns
- The reviewer will be able to dismiss the vulns if the reason provided is acceptable, or reject the proposal if the reason is not accepted