Align security report type enums

Problem

Vulnerabilities::Occurrence#report_type and Vulnerabilities::Feedback#category are both enums with the same structure:

{
  sast: 0,
  dependency_scanning: 1,
  container_scanning: 2,
  dast: 3
}

I see two issues here:

  1. The difference in names referring to identical enums is confusing
  2. We use these attributes to associate occurrences with feedback in Occurrence.undismissed and Occurrence#feedback. If one enum diverges from the other, it could break these methods

Where this came from

The following discussion from !20599 (merged) should be addressed:

  • @jameslopez started a discussion:

    nitpick: should this be report_type or category? Looks like an opportunity to refactor this, but could be in a follow-up issue.

Proposed solution

  1. Rename Feedback#category to Feedback#report_type OR rename both to #security_report_type for additional clarity
  2. Set Occurrence::REPORT_TYPES as the source of truth, and have Feedback use that constant for #category
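An added illustration (not GitLab's code) of the second step and of why the first issue matters: one frozen source-of-truth mapping, a check that a second mapping has not diverged from it, and a plain-Ruby stand-in for the occurrence/feedback matching the issue says depends on these attributes. The `fingerprint` join key, the `:dismissal` feedback type and the `undismissed` body are assumptions; the renumbered `:dast` value is a constructed divergence, not something the issue reports.

```ruby
# Single source of truth, as the issue proposes for Occurrence::REPORT_TYPES.
REPORT_TYPES = { sast: 0, dependency_scanning: 1, container_scanning: 2, dast: 3 }.freeze

# Stand-ins for the two models. Both store the enum as its integer value, as an
# ActiveRecord enum column would. "fingerprint" is an assumed join key.
Occurrence = Struct.new(:id, :report_type, :fingerprint)
Feedback   = Struct.new(:category, :fingerprint, :feedback_type)

# True when both integer mappings are identical (same names, same values).
# Running this in a spec would catch a diverged copy before it reaches a query.
def enums_aligned?(a, b)
  a == b
end

# Hypothetical simplification of Occurrence.undismissed: drop every occurrence
# that has a :dismissal feedback with the same fingerprint and report type.
def undismissed(occurrences, feedbacks)
  dismissed = feedbacks.select { |f| f.feedback_type == :dismissal }
                       .map { |f| [f.fingerprint, f.category] }
  occurrences.reject { |o| dismissed.include?([o.fingerprint, o.report_type]) }
end

# Builds a dismissal feedback from a symbolic category using the given mapping,
# so the effect of a diverged mapping can be shown directly.
def build_feedback(mapping, category, fingerprint)
  Feedback.new(mapping.fetch(category), fingerprint, :dismissal)
end

# Constructed divergence: a Feedback-side copy of the enum in which :dast was
# renumbered. This is the failure mode the issue warns about, not a real state.
DIVERGED_FEEDBACK_CATEGORIES = REPORT_TYPES.merge(dast: 4).freeze

# With the aligned mapping the dismissed DAST occurrence is hidden; with the
# diverged copy the same dismissal no longer matches and the occurrence leaks back.
def demo
  occ = Occurrence.new(1, REPORT_TYPES[:dast], "fp-1")
  aligned  = undismissed([occ], [build_feedback(REPORT_TYPES, :dast, "fp-1")])
  diverged = undismissed([occ], [build_feedback(DIVERGED_FEEDBACK_CATEGORIES, :dast, "fp-1")])
  { aligned_hides_dismissed: aligned.empty?, diverged_hides_dismissed: diverged.empty? }
end
```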
Edited Dec 02, 2019 by Avielle Wolfe