Refactor filters for security scan rule for merge request approval policy

Why are we doing this work

• @mcavoj started a discussion:

  suggestion(non-blocking): we may need to do some follow-up refactoring here, it has evolved like this but it's not clear anymore why we're omitting certain values. Maybe simple rename of this method would make it clearer, but now it's somehow surprising why we're not handling all vulnerability_attributes in the vulnerabilityAttributes method.

Filters require refactoring because of growing complexity on scale.

Test using pinia

Relevant links

Non-functional requirements

• Documentation:
• Feature flag:
• Performance:
• Testing:

Implementation plan

Verification steps