New "targeted vulnerabilities" workflow

Managing vulnerabilities in a GitLab project is easy when there are only a few of them. When the number grows, we can leverage features like GitLab Duo to remediate vulnerabilities with AI. But the generated Merge Request fixes vulnerabilities one by one, while sometimes we want to fix them in bulk (to ease reviewers' work and save CI/CD minutes). It can be tedious to tell whether a branch is actually fixing what we wanted to address in the first place: there is no way to "pin" the vulnerabilities we want to remediate and see whether they were fixed by the change we're making (in a Merge Request).

Example:

https://gitlab.com/gitlab-com/gl-security/engineering-and-research/gib/-/security/vulnerabilities/106479541 has a "Resolve with AI" button, but we had a good 12+ identical vulnerabilities reported, just at different locations. If a developer wants to fix all of them, the only way is to create a Merge Request, use the Security tab to browse what has been detected, and work out a diff against the Vulnerability Report list.

Proposal

Allow users to create "targeted vulnerabilities" workflows:

  • From the Vulnerability Report page of a project:
    • Select the vulnerabilities to address
    • Create a new Merge Request to remediate them
  • In the targeted MR, explicitly show what vulnerabilities remain to be fixed
  • Once all targeted vulnerabilities are fixed, let the MR be merged

The UI needs to be updated for this change so that the status of the targeted vulnerabilities is shown directly in the MR, without switching tabs.