BE: Model changes to support vulnerability report grouping with single GraphQL query

To present the vulnerability report grouping planned in &10164, from frontend we were suggested to present the data in a 2 query approach which was explored in Spike: Investigate 2 query approach for vulnera... (#422203 - closed)

1. Backend first returns the groups and the number of vulnerabilities for each group
2. When a group is expanded, we make another request to fetch the vulnerabilities of that group

After the spike POC we discussed to split the backend work into two parts:

1. GQL changes
2. Model changes

In this issue we track the implementations related to the model changes to Vulnerabilities::Read that is required to support the following code abstraction from the POC.

result = vulnerabilities(args).group_with(grouping).grouped_by_severity.with_count