Adjust `Mutations::Vulnerabilities::Resolve` to accept `comment`
Why are we doing this work
One of the points of Vulnerability bulk status updates (&4649 - closed) is to allow bulk status updates on Vulnerabilities with a comment. To achieve this, we need to adjust our GraphQL mutations and/or service objects to accept a comment.
Relevant links
- Design issue: #267582 (closed)
- Backend issue to add ability for comments in all state changes: #323129 (closed)
- Original issue: #323439 (closed)
Implementation plan
- Adjust `ee/app/graphql/mutations/vulnerabilities/resolve.rb` to accept `comment`
- Adjust `ee/app/services/vulnerabilities/resolve_service.rb` to accept `comment` and create appropriate `Vulnerabilities::StateTransition`
- Adjust specs
Verification
- Visit https://gitlab.com/gitlab-org/secure/tests/verify-373969/-/security/vulnerability_report - the required feature flag `deprecate_vulnerabilities_feedback` is already enabled for this project.
- Note down the ID of a vulnerability that is not resolved.
- Visit https://gitlab.com/-/graphql-explorer and run the following GraphQL mutation:
  ```graphql
  mutation($input: VulnerabilityResolveInput!) {
    vulnerabilityResolve(input: $input) {
      vulnerability {
        id
        state
        stateComment
      }
    }
  }
  ```

  Query variables:

  ```json
  {
    "input": {
      "id": "gid://gitlab/Vulnerability/<vulnerability_id>",
      "clientMutationId": "ANY_STRING",
      "comment": "Test Resolve Comment"
    }
  }
  ```
- There is currently no UI to view the `stateComment`, but you can check it has persisted by running the following GraphQL query:
  ```graphql
  query {
    vulnerability(id: "gid://gitlab/Vulnerability/<vulnerability_id>") {
      id
      state
      stateComment
    }
  }
  ```
- Reload https://gitlab.com/gitlab-org/secure/tests/verify-373969/-/security/vulnerability_report - the vulnerability should no longer appear by default now it is resolved.
- Select 'Resolved' in the 'State' dropdown and you should see the vulnerability with the correct status.
Edited by Malcolm Locke
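The verification steps above can also be scripted. The following is an added example, not code from the issue or from GitLab: it sends the same mutation and read-back query and fails if the comment did not persist. The `https://gitlab.com/api/graphql` endpoint, the bearer-token header and all function names are assumptions of this example.

```python
import json
import urllib.request

GRAPHQL_URL = "https://gitlab.com/api/graphql"  # assumed API endpoint
FIELDS = "id state stateComment"  # same selection as the queries in the issue
RESOLVE = ("mutation($input: VulnerabilityResolveInput!) { "
           "vulnerabilityResolve(input: $input) { vulnerability { %s } } }" % FIELDS)
READBACK = 'query { vulnerability(id: "%s") { ' + FIELDS + " } }"


def http_sender(token, url=GRAPHQL_URL):
    """Build send(query, variables) that POSTs with a bearer token (assumed auth)."""
    def send(query, variables=None):
        body = json.dumps({"query": query, "variables": variables or {}}).encode()
        request = urllib.request.Request(url, data=body, headers={
            "Content-Type": "application/json", "Authorization": "Bearer " + token})
        with urllib.request.urlopen(request) as response:
            return json.load(response)
    return send


def data_or_raise(response):
    """Return the response's data, refusing responses that carry GraphQL errors."""
    if response.get("errors") or not response.get("data"):
        raise RuntimeError("GraphQL request failed: %r" % response.get("errors"))
    return response["data"]


def resolve_and_verify(send, vulnerability_id, comment):
    """Resolve one vulnerability with a comment, then confirm both persisted."""
    # int() rejects anything but a numeric ID before it is placed in the query text.
    gid = "gid://gitlab/Vulnerability/%d" % int(vulnerability_id)
    variables = {"input": {"id": gid, "clientMutationId": "ANY_STRING",
                           "comment": comment}}
    payload = data_or_raise(send(RESOLVE, variables))["vulnerabilityResolve"]
    mutated = (payload or {}).get("vulnerability")
    if not mutated:
        raise RuntimeError("mutation returned no vulnerability for " + gid)
    # Second request: read the record back instead of trusting the mutation reply.
    stored = data_or_raise(send(READBACK % gid))["vulnerability"]
    if not stored or stored["stateComment"] != comment:
        raise ValueError("comment was not persisted for " + gid)
    if stored["state"] != mutated["state"]:
        raise ValueError("state changed between mutation and read-back")
    return stored
```

Call it as `resolve_and_verify(http_sender(token), vulnerability_id, "Test Resolve Comment")`, where `token` is an access token allowed to change vulnerability state in the project.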