[backend] Link compliance frameworks with vulnerability management policies

Summary

When a security policy is scoped to a compliance framework, the compliance framework page shows the policies that are linked to the framework. This works correctly for the approval policy and scan execution policy types, but it does not work for the vulnerability management policy type.

Currently we link a policy to a compliance framework through the compliance_framework_security_policies table, but we do not link policies of type vulnerability_management_policy to the framework. As part of this issue, we want to fix this by linking vulnerability management policies too, so that they are visible on the framework page.

See issue #492552 (closed) for how it's done for the pipeline execution policy.