Adjust security report models and ingestion for schema 15-0-0

Why are we doing this work

In #363134 (closed) we'll release version 15-0-0 of the security report schemas.

The following changes were flagged as requiring an update on the Rails side:

  • Remove vulnerabilities[].confidence. Confidence is marked as a required field on both the application layer and the database layer.
  • Remove vulnerabilities[].scanner. We currently read this property in security/common.rb while parsing the report and generating the plain old Ruby objects, and the current parsing logic fails if the property is missing.

While the properties above are no longer present in 15-0-0, they are still allowed in 14-x-x schemas. For each property, we need to either:

  1. Completely remove it in %15.4; OR
  2. Make it optional in %15.4 and remove it in %16.0 (create a separate issue for the removal if this path is chosen)

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • MR 1: Make confidence optional
    • Model
    • Add DB migration to make column optional/nullable
  • MR 2: mark confidence field as deprecated
    • VulnerabilityCreate mutation ee/app/graphql/mutations/vulnerabilities/create.rb
    • VulnerabilityConfidenceEnum ee/app/graphql/types/vulnerability_confidence_enum.rb
    • PipelineSecurityReportFinding type ee/app/graphql/types/pipeline_security_report_finding_type.rb
    • Vulnerability REST API ee/lib/ee/api/entities/vulnerability.rb
    • VulnerabilityFindings REST API ee/lib/api/vulnerability_findings.rb
  • MR 3: make confidence optional for security report parsing
    • create_finding in lib/gitlab/ci/parsers/security/common.rb

The scanner property will be handled in a separate issue: #371570 (closed).

Verification steps

Edited by Thiago Figueiró