[SPIKE] Determine how to decouple sbom services from `vulnerability_finding_pipelines`

Background Context

• As part of the epic to Delete `vulnerability_occurrence_pipelines` table (&11241 - closed), we needed to migrate two SBOM-related services off of using pipeline.vulnerability_findings (as that relation utilizes the table we want to delete)
• We did this in !147504 (merged) by replacing the pipeline.vulnerability_findings call with project.vulnerability_findings
• Going through the project caused a performance regression
• we reverted the changes in Resolve query performance regression on SBOM re... (!149823 - merged) • Michael Becker • 17.0

Implementation Plan

see: Decouple sbom services from `vulnerability_find... (#472760 - closed) • Michael Becker • 17.4 • On track