Finding UUID Migration Phase 2: Backfill new_uuid for existing findings

Problem

After Phase 1 (#587625 (closed)) starts populating new_uuid for new findings, existing findings in vulnerability_occurrences will still have NULL values in the new_uuid column. We need to backfill these with context-aware UUIDs.

Background

UUID composition for Findings (context-aware):

• Report type
• Primary identifier fingerprint
• Location fingerprint
• Security_project_tracked_context_id (branch/tag context)
• Project ID

Implementation

1. Create a batched background migration (BBM) to backfill new_uuid for all findings where new_uuid IS NULL
2. The migration should:
   • Process rows in batches to avoid locking issues
   • Calculate the context-aware UUID using Security::VulnerabilityUUID.generate with context
   • Handle findings without security_project_tracked_context_id appropriately (use NULL context or skip)
3. Add migration tracking and monitoring
4. Verify completion before proceeding to Phase 3

Acceptance Criteria

• BBM created and tested
• All existing findings have new_uuid populated
• Migration completes successfully on GitLab.com
• No performance degradation during migration

Dependencies

• Blocked by #587625 (closed) (Phase 1 must be complete first)

Related

• Part of Finding UUID migration series
• #587625 (closed) - Phase 1: Start populating new_uuid
• Related to #587624 (Vulnerability UUID - definition model)