Unify vulnerability and security polices risk types

The following discussion from !215465 (merged) should be addressed:

• @lorenzvanherwaarden started a discussion: (+1 comment)

  thought (non-blocking): we could re-use the translations from javascripts/vulnerabilities/constants.js#L31-37 here for 1 SSOT. Or perhaps we could move the ones in /vulnerabilities to a shared space so security_orchestration does not need to import from vulnerabilities domain 🤔