Project security dashboard not visible to custom guest with read_vulnerability

Description

Currently, a custom guest with read_vulnerability gets a 404 when trying to visit the project security dashboard page.

Interestingly, if the custom role is on a group, they can see the group security dashboard page. That was validated here: #411851 (comment 1507068670)

The custom guest user with read_vulnerability can see also see the project-level vulnerability report but not the security dashboard.

This is because access_security_and_compliance is required to view this.

This also came up in another MR related to custom roles: !128921 (diffs, comment 1506977575)

We need to either enable access_security_and_compliance for custom role users or we need to refactor the usage of that ability.

What I see

A 404

What I should see

The project security dashboard