[Frontend] SPP value not being used correctly in Security inventory

The Secret Push Protection (SPP) setting is stored in the database under security_setting, and is not tracked or maintained in the analyzer_statuses table. The Project type exposes this setting via the secretPushProtectionEnabled GraphQL property, which returns its value directly from the DB.

Currently, the frontend renders SPP as if it's a pipeline-based analyzer, showing fields like "last scan" and "pipeline job" even though SPP does not provide those fields. Additionally, the SubgroupsAndProjects query is missing the secretPushProtectionEnabled property.

Example:

We should:

1. Add secretPushProtectionEnabled to the SubgroupsAndProjects GraphQL query.
2. Use this value to determine SPP scanner status (enabled/disabled).
3. Update the SPP popover to exclude "last scan" and "pipeline job" fields.