Fix injected enabled_reports on page load during active pipeline

Context

The enabled_reports injected during the page load defaults to false when the pipeline is running. This is because the backend needs to wait until the pipeline is complete to deduce the enabled reports.

See the thread for more details: #405047 (comment 1376360535)

Problem

Normally, the frontend does not display the Security Reports widget until the pipeline is complete. The current behavior is that, once it is complete, one has to refresh the page to see the widget. We're changing this behavior and making it dynamic so that once the pipeline is complete, we display the widget automatically without a need for a page refresh.

Since enabled_reports defaults to false on page load when the pipeline is still running, the changes above will make the frontend think there are no enabled reports.

Screenshot

Possible solutions

1. Fix enabled_reports and display the correct value. If there is no way to generate this variable before the pipeline is complete, the backend can serve the result of the previous pipeline. It is most likely that the configuration will persist between pipelines. This is an MVC.
2. Introduce a new endpoint so the frontend can fetch the enabled_reports once the pipeline is complete.

Implementation plan

1. Add available_reports field to app/graphql/types/merge_request_type.rb
2. Make sure to expose fields from https://gitlab.com/gitlab-org/gitlab/blob/eb84cade82c8496fc7a01e41d06985ad92ef2240/app/models/merge_request.rb#L2007 and https://gitlab.com/gitlab-org/gitlab/blob/eb84cade82c8496fc7a01e41d06985ad92ef2240/ee/app/models/ee/merge_request.rb#L225 depending on the license