Spike: Investigate 2 query approach for vulnerability grouping

Summary

Investigate the 2 query approach:

1. Backend first returns the groups and the number of vulnerabilities for each group
2. When a group is expanded, we make another request to fetch the vulnerabilities of that group

suggested by the frontend to have vulnerability grouping.

More context in #419568 (comment 1492780797)

Goal

At the end of this spike investigation we should have an implementation plan and a POC for a grouping like status/tool for which we have data already in vulnerability_reads table.

Summary from POC

POC MR: !131888 (closed)

We can split the work into:

1. Model related changes for Vulnerabilities::Read #425783
2. GraphQL changes to the support the first query. #425786

Noted that for the second query we can make use of existing vulnerabilities API.