Add warning if VR's MR will be public

Problem to solve

Originally noted in https://gitlab.com/gitlab-org/gitlab/-/issues/476553#note_2026802756 by @poffey21: if the user is using Vulnerability Resolution from a public project, the MR it creates will also be public. This would lead to a potential exploit being made visible, without the user's awareness.

Solution

If VR is being used from a private project, no changes are needed.

If VR is being used from a public project, add this disclaimer under the Vulnerability Resolution dropdown:

[image: mockup of the disclaimer shown under the Vulnerability Resolution dropdown]

The "Learn more" link should point to https://docs.gitlab.com/ee/user/project/merge_requests/confidential.html.

Questions

  • Is this a larger problem outside of VR? Wouldn't vulnerabilities in public projects be shown in the MR as well? How does the user find the vulnerability in the forked/mirrored repo?
Edited by Becka Lippert