Remove `Security::ReportFetchService`

Summary

Security::ReportFetchService is leftover code from when the Dependency List was populated with security reports. Now that we have completely transitioned the dependency list over to using database records, we should delete it.

This means that we need to:

  1. Understand how the frontend is currently using build information
  2. Figure out a way to migrate this functionality to not depend on security reports (e.g. by storing the latest ingested pipeline ID)
  3. Delete Security::ReportFetchService once we no longer have any dependencies on it

This should fix #462861 (closed) and also unblock #457633 (closed).

Implementation plan

  1. backend Pass the path of the latest ingested SBoM pipeline and its finished_at timestamp to the frontend via HAML (this should not be included in the dependencies response, for separation of concerns).
  2. backend Inject hasNoDependencies via HAML if the project does not have at least one sbom_occurrences record.
  3. frontend Link to the pipeline instead of the job.
  4. frontend In the frontend app:
    1. Don't show the pipeline information if there are dependencies but no pipeline
    2. Show the "no dependencies" empty state if there is a pipeline but no dependencies
    3. Show the "job not set up" empty state if there is no pipeline and no dependencies
    4. Remove the "Dependency list job failed" alert
    5. Remove the no_dependency_files alert
    6. Remove any remaining references to reportInfo (e.g. in vue store)
  5. backend Remove the report data from the response
  6. backend Remove ReportFetchService
Edited by Brian Williams