Use bot avatar for security_policy_bot users

Why are we doing this work

Users of type security_policy_bot can only be identified by name, so it's not obvious who they are if we only display the avatar, like in the example below:

Screenshot_2023-08-08_at_11.41.03

It would be nice to use a bot avatar for those users.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

- [x] Update Security::Orchestration::CreateBotService to add avatar params to the user object

- [x] Assign avatar to the user similar to that of security bot

- [x] Create a new avatar and add it to lib/assets/images/bot_avatars/

- [ ] Create a background migration to update the avatar image to existing security policy bot users

After the suggestion in this comment, we decided to add a shared avatar for the security policy bot.

Verification steps

Scenario 1

  • Existing project with a GitLab Security Policy Bot without the security policy bot avatar

  1. Go to the members page
  2. Search for the GitLab Security Policy Bot avatar
  3. Verify the user has the default user avatar.
  4. Enable the feature flag security_policy_bot_shared_avatar
  5. Verify the user has the GitLab Security Policy Bot avatar

Scenario 2

New project

  1. Create a new project
  2. Go to Secure > Policies
  3. Click on new policy
  4. Select Scan execution policy
  5. Add a name
  6. Click on Configure with a merge request
  7. Merge the policy
  8. Enable the feature flag security_policy_bot_shared_avatar
  9. Go back to the project created in step 1
  10. Go to Manage > Members
  11. Search for the GitLab Security Policy Bot
  12. Verify the bot has the expected avatar and the avatar URL is the shared avatar image containing the path: /assets/bot_avatars/security-bot.
Edited by Marcos Rocha