Include Noteable concern in Vulnerabilities::StateTransition

Proposal

I propose we include Noteable in Vulnerabilities::StateTransition model.

Rationale

Right now, what happens when you comment on a state transition (not to be confused with the StateTransition model) depends on how you do it, which is inconsistent and problematic.

Via Vulnerability report

  1. Go to Vulnerability report
  2. Select a Vulnerability
  3. Dismiss it
  4. Put a comment under the status change

Result: A DiscussionNote gets created

[screenshot]

Via Security tab of the pipeline status

  1. Go to CI/CD -> Pipelines
  2. Select a pipeline
  3. Go to Security tab
  4. Select a Vulnerability and dismiss it with a comment
  5. Put a comment under the status change

Result: only a Vulnerabilities::Feedback gets created

[screenshot]

Problems

  1. In the first scenario, we actually create a DiscussionNote on the Vulnerability itself, not on the Vulnerabilities::Feedback, so it's not obvious where it comes from.
  2. In the second scenario, if you modify the comment, the Vulnerabilities::Feedback gets updated in place, which means we lose the previous comment and its author.
  3. You can't add more than one comment on a state transition, which is less than ideal, I think.

Solution

I think including Noteable in Vulnerabilities::StateTransition is a good idea. It will allow us to build the following system:

  1. All Vulnerabilities::StateTransition records can be treated as immutable.
  2. We can build a robust audit trail for a Vulnerability, since a Vulnerabilities::StateTransition can't be modified.
  3. You can put as many Notes on every Vulnerabilities::StateTransition as you want, so users can "discuss" any given Vulnerabilities::StateTransition without modifying the actual record.
  4. We can generate audit trails that either show or don't show the additional Notes.
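To make the contrast concrete, here is an added example (plain Ruby, not GitLab's code or its real Noteable/StateTransition models) that puts the two designs side by side: a Feedback-style record whose single comment field is overwritten on edit (problem 2 above), and an immutable StateTransition that carries any number of appended notes, with an audit trail that can include or omit them (solution points 1 to 4). The shape of the Noteable module and the method names are assumptions for illustration only.

```ruby
# Added example, not GitLab's code. Models the two comment-storage designs the
# issue contrasts, using plain Ruby objects instead of ActiveRecord.
require 'time'

Note = Struct.new(:author, :body, :created_at)

# Today's Security-tab path: the feedback row is updated in place.
class Feedback
  attr_reader :author, :comment

  def initialize(author:, comment:)
    @author = author
    @comment = comment
  end

  # Editing replaces text and author; nothing records what was there before.
  def update!(author:, comment:)
    @author = author
    @comment = comment
    self
  end

  # Only the current value is ever available.
  def history
    [Note.new(author, comment, nil)]
  end
end

# Stand-in for a Noteable concern (assumed shape, not GitLab's real module):
# an object that can carry any number of notes without itself changing.
module Noteable
  def notes
    @notes
  end

  def add_note(author:, body:, at: Time.now)
    # Notes live in their own collection (like a separate notes table), so
    # appending one never touches the frozen record attributes.
    note = Note.new(author, body, at).freeze
    @notes << note
    note
  end
end

class StateTransition
  include Noteable
  attr_reader :from_state, :to_state, :author, :created_at

  def initialize(from_state:, to_state:, author:, at: Time.now)
    @from_state = from_state
    @to_state = to_state
    @author = author
    @created_at = at
    @notes = []
    freeze # the record's own attributes are immutable once written
  end
end

class Vulnerability
  attr_reader :state, :transitions

  def initialize
    @state = :detected
    @transitions = []
  end

  # Each status change appends a new transition instead of editing an old one.
  def transition_to!(new_state, author:, comment: nil, at: Time.now)
    t = StateTransition.new(from_state: @state, to_state: new_state, author: author, at: at)
    t.add_note(author: author, body: comment, at: at) if comment
    @transitions << t
    @state = new_state
    t
  end

  # Audit trail with or without the discussion notes.
  def audit_trail(include_notes: true)
    transitions.flat_map do |t|
      line = "#{t.author}: #{t.from_state} -> #{t.to_state}"
      next [line] unless include_notes
      [line] + t.notes.map { |n| "  note by #{n.author}: #{n.body}" }
    end
  end
end

# Constructed walk-through: dismiss with a comment, then discuss the dismissal.
def demo
  v = Vulnerability.new
  t = v.transition_to!(:dismissed, author: 'alice', comment: 'false positive')
  t.add_note(author: 'bob', body: 'agreed, dependency is test-only')
  # "Editing" a comment is itself a new note; earlier text and author survive.
  t.add_note(author: 'alice', body: 'correction: it is a dev dependency')
  v
end
```

Because the transition object is frozen, any attempt to change its author or states raises a FrozenError, while the notes collection keeps growing; the Feedback class, by contrast, can only ever report whoever wrote the last edit.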

VERY BAD UX MOCKUP

[mockup image]