Migrate dependency filtering to GraphQL

Current Architecture

There are 2 requests involved in filtering the dependency list:

  1. A GraphQL request that searches for the component
  2. A REST call to dependencies.json that returns the filtered dependency list
[Screenshots: 1. Search for component (GraphQL); 2. Filter dependency list (REST)]

Proposal

We should consolidate both requests into GraphQL instead of mixing GraphQL and REST calls.

Filter dependency list

REST --> GraphQL

This change would:

  • Eliminate the complication of handling two different request types
  • Adhere to GitLab's preference for GraphQL
  • Add documentation and make it a public-facing endpoint

Current GraphQL

Group / Project

id --> REST occurrence_id
licenses [{ name, url }]
location { blobPath, path }
name
packager
reachability
version

What's missing

Project

location {
  topLevel: Boolean
  ancestors: []
}
licenses [{
  spdx_identifier: string
}]
vulnerability_count

Group

location {
  topLevel: Boolean
  ancestors: []
}
licenses [{
  spdx_identifier: string
}]
occurrence_count: string
project_count: string
component_id: string
vulnerability_count: string

Required Fields

Project

"dependencies": [
    {
        "name": "activerecord",
        "packager": "bundler",
        "version": "5.0.0",
        "location": {
            "blob_path": "/gitlab-org/govern/threat-insights-demos/frontend/security-reports/-/blob/225fa090f92d057854a68e9f8e071f86523be984/dependency-scanning-files/Gemfile.lock",
            "path": "dependency-scanning-files/Gemfile.lock",
            "top_level": false,
            "ancestors": []
        },
        "licenses": [
            {
                "spdx_identifier": "MIT",
                "name": "MIT License",
                "url": "https://spdx.org/licenses/MIT.html"
            }
        ],
        "occurrence_id": 4546593244,
        "vulnerability_count": 3
    },

Group

"dependencies": [
    {
        "name": "rubyzip",
        "packager": "bundler",
        "version": "1.2.1",
        "licenses": [
            {
                "spdx_identifier": "BSD-2-Clause",
                "name": "BSD 2-Clause \"Simplified\" License",
                "url": "https://spdx.org/licenses/BSD-2-Clause.html"
            }
        ],
        "occurrence_count": 1,
        "project_count": 1,
        "component_id": 2099137,
        "occurrence_id": 1695105957,
        "vulnerability_count": 4
    },
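As an added example (not code from this issue or from GitLab), the Python adapter below maps a node shaped like the current GraphQL Dependency type into the REST dependencies.json shape shown above and reports which required REST fields the current GraphQL schema cannot supply. The sample node, its gid:// id format and the blob path are constructed assumptions.

```python
import re

# REST fields the "Project" dependencies.json entry above carries, as dotted paths;
# "licenses[]" means every element of the licenses array.
REQUIRED_REST_FIELDS = {
    "name", "packager", "version", "occurrence_id", "vulnerability_count",
    "location.blob_path", "location.path", "location.top_level", "location.ancestors",
    "licenses[].spdx_identifier", "licenses[].name", "licenses[].url",
}

# Constructed sample shaped like the current GraphQL type listed in the issue.
# The gid:// id format and blob path are assumptions, not taken from the issue.
GRAPHQL_NODE = {
    "id": "gid://gitlab/Sbom::Occurrence/4546593244",
    "name": "activerecord",
    "packager": "bundler",
    "version": "5.0.0",
    "reachability": "UNKNOWN",
    "location": {"blobPath": "/group/project/-/blob/abc123/Gemfile.lock",
                 "path": "dependency-scanning-files/Gemfile.lock"},
    "licenses": [{"name": "MIT License", "url": "https://spdx.org/licenses/MIT.html"}],
}

def camel_to_snake(key):
    return re.sub(r"(?<!^)(?=[A-Z])", "_", key).lower()

def to_rest_shape(node):
    """Convert a GraphQL node into the snake_case shape the existing REST consumer expects."""
    def convert(value):
        if isinstance(value, dict):
            return {camel_to_snake(k): convert(v) for k, v in value.items()}
        if isinstance(value, list):
            return [convert(v) for v in value]
        return value
    rest = convert(node)
    # GraphQL `id` maps to REST `occurrence_id`; the numeric part is the last segment.
    rest["occurrence_id"] = int(rest.pop("id").rsplit("/", 1)[-1])
    rest.pop("reachability", None)  # not part of the REST shape
    return rest

def field_paths(obj, prefix=""):
    """Flatten a dict into dotted paths; lists of objects are written as `key[]`."""
    paths = set()
    for key, value in obj.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            paths |= field_paths(value, path + ".")
        elif isinstance(value, list) and value and isinstance(value[0], dict):
            for item in value:
                paths |= field_paths(item, path + "[].")
        else:
            paths.add(path)
    return paths

def missing_rest_fields(node):
    """Required REST fields the current GraphQL type cannot populate (the gap above)."""
    return sorted(REQUIRED_REST_FIELDS - field_paths(to_rest_shape(node)))
```

Running `missing_rest_fields(GRAPHQL_NODE)` lists exactly the fields under "What's missing" for Project, so the same check can be re-run against a live node once the schema is extended.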
Edited by Samantha Ming