
gitlab-advanced-sast: remove invalid vuln reports

Problem to solve

The build system of a C/C++ project may download or dynamically generate source files that are not part of the target repository. For example, installing a library dependency might place headers under /usr/include, which the analyzed code then includes.

As a result, the current code flow implementation cannot locate or display flows that pass through such external files. A vulnerability whose flow depends on them is reported with a flow that cannot be shown, which makes the report misleading or meaningless.

Example: in this pipeline, the code flows of several vulnerabilities cannot be displayed properly.

(attached screenshot: Screenshot 2025-10-15 at 10.08.20.png)


Proposal

  • Check whether every file in a vulnerability’s code flow is present in the repository checkout.
    • If any file is missing, remove that vulnerability from the report.
  • Make this filtering optional, and enable it by default.
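One way to implement the proposed check, as an added example that is not code from the gitlab-advanced-sast analyzer (the issue shows neither its report format nor its implementation): the report shape, the `flow` field, and the sample findings below are assumptions constructed for illustration. The filter indexes the checked-out files, treats absolute paths such as /usr/include/... and paths escaping the root via `..` as outside the repository, drops any vulnerability whose flow touches such a file, and is gated by a flag that callers default to on.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Simplified report shape (an assumption for this example, not the real
// GitLab security report schema): a finding carries an ordered code flow of
// file/line locations from source to sink.
type FlowNode struct {
	File string `json:"file"`
	Line int    `json:"line"`
}

type Vulnerability struct {
	ID   string     `json:"id"`
	Name string     `json:"name"`
	Flow []FlowNode `json:"flow"`
}

type Report struct {
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// RepoFiles is the set of files present in the checkout, as slash-separated
// paths relative to the repository root.
type RepoFiles map[string]bool

// IndexRepo walks the checkout and records every regular file (skipping .git).
func IndexRepo(root string) (RepoFiles, error) {
	files := RepoFiles{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			if d.Name() == ".git" && p != root {
				return filepath.SkipDir
			}
			return nil
		}
		rel, err := filepath.Rel(root, p)
		if err != nil {
			return err
		}
		files[filepath.ToSlash(rel)] = true
		return nil
	})
	return files, err
}

// Contains reports whether p names a file inside the repository. Absolute
// paths (e.g. /usr/include/stdio.h) and paths that escape the root through
// ".." can never be repository files, so they are rejected before the lookup.
func (r RepoFiles) Contains(p string) bool {
	if p == "" || strings.HasPrefix(p, "/") || filepath.IsAbs(p) {
		return false
	}
	clean := filepath.ToSlash(filepath.Clean(p))
	if clean == ".." || strings.HasPrefix(clean, "../") {
		return false
	}
	return r[clean]
}

// MissingFile returns the first flow node file that is not in the repo,
// or "" when the whole flow stays inside the repository.
func MissingFile(r RepoFiles, v Vulnerability) string {
	for _, n := range v.Flow {
		if !r.Contains(n.File) {
			return n.File
		}
	}
	return ""
}

// FilterReport drops vulnerabilities whose flow leaves the repository. The
// check is gated by enabled (callers default it to true); dropped findings
// are returned so they can be logged rather than silently lost.
func FilterReport(rep Report, r RepoFiles, enabled bool) (Report, []Vulnerability) {
	if !enabled {
		return rep, nil
	}
	kept := Report{}
	var dropped []Vulnerability
	for _, v := range rep.Vulnerabilities {
		if MissingFile(r, v) != "" {
			dropped = append(dropped, v)
			continue
		}
		kept.Vulnerabilities = append(kept.Vulnerabilities, v)
	}
	return kept, dropped
}

// ParseReport decodes JSON in the simplified shape above.
func ParseReport(data []byte) (Report, error) {
	var rep Report
	err := json.Unmarshal(data, &rep)
	return rep, err
}

// SampleReport is constructed input: v1 stays inside the repo, v2 passes
// through a system header, v3 passes through a generated build artifact.
const SampleReport = `{"vulnerabilities":[
 {"id":"v1","name":"buffer overflow","flow":[{"file":"src/main.c","line":12},{"file":"src/util.c","line":40}]},
 {"id":"v2","name":"format string","flow":[{"file":"src/main.c","line":30},{"file":"/usr/include/stdio.h","line":361}]},
 {"id":"v3","name":"use after free","flow":[{"file":"build/generated/parser.c","line":7}]}
]}`

func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1] // path to the checkout being scanned
	}
	repo, err := IndexRepo(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "index:", err)
		os.Exit(1)
	}
	rep, _ := ParseReport([]byte(SampleReport))
	kept, dropped := FilterReport(rep, repo, true)
	for _, v := range dropped {
		fmt.Printf("dropped %s (%s): flow leaves repo at %s\n", v.ID, v.Name, MissingFile(repo, v))
	}
	fmt.Printf("kept %d of %d vulnerabilities\n", len(kept.Vulnerabilities), len(rep.Vulnerabilities))
}
```

Indexing the checkout once and looking flows up against that index keeps the check cheap for large reports, and returning the dropped findings lets the analyzer emit a log line per removed vulnerability so users can see why a finding disappeared when the option is on.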