Store vulnerabilities in database instead of job artifacts
Description
In order to build reliable features on Security Reports and the generated vulnerabilities, we need to have this data stored in the database instead of fetching it from job artifacts (JSON files) on every request.
To achieve this we need to go through the following steps:
- Find how to identify a vulnerability at project level (across multiple executions of the report)
- Find how to identify a vulnerability at group/instance level (across multiple projects)
- Find how to aggregate vulnerabilities before displaying them and taking actions on them. E.g. dismiss all occurrences of a CVE group- or instance-wide? Or only similar occurrences matching multiple criteria, like same CVE + package name? (Users should be warned that future vulnerabilities may be automatically dismissed if they match.)
- Find how to store vulnerabilities in a scalable way (each push of each project may produce a new list of vulnerabilities) that suits the needs defined above.
These questions are not trivial and the answer may vary between the different report categories: SAST, Dependency Scanning, Container Scanning, DAST.
The changes will need deep reviews, performance benchmarks, load testing, etc.
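To make the identity and aggregation questions above concrete, here is an added example (not GitLab's code; the report field names, fingerprint rules and the `VulnerabilityStore` class are assumptions for illustration). It derives a per-project fingerprint from category, identifier and a location key that excludes line numbers and versions, aggregates occurrences across projects by identifier + package, and shows how a dismissal rule keyed on those criteria is applied to findings ingested later, which is exactly the behaviour users need to be warned about.

```python
import hashlib
from typing import Dict, List, Tuple

# Which report fields make a finding's location stable across pipelines.
# Line numbers and versions are deliberately excluded: lines shift on every
# commit and a version bump usually means the finding was fixed, not moved.
# These field choices are an assumption made for this example.
LOCATION_FIELDS = {
    "sast": ("file",),
    "dependency_scanning": ("file", "package"),
    "container_scanning": ("image", "package"),
    "dast": ("url",),
}


def project_fingerprint(finding: dict) -> str:
    """Identity of a finding within one project, across report executions."""
    parts = [finding["category"], finding["identifier"]]
    parts += [finding[f] for f in LOCATION_FIELDS[finding["category"]]]
    return hashlib.sha256("\0".join(parts).encode()).hexdigest()[:16]


def group_key(finding: dict) -> Tuple[str, str]:
    """Identity used to aggregate across projects: identifier + package name."""
    return (finding["identifier"], finding.get("package", ""))


class VulnerabilityStore:
    """In-memory stand-in for the database tables the issue asks for."""

    def __init__(self) -> None:
        self.occurrences: Dict[Tuple[str, str], dict] = {}  # (project, fp) -> record
        self.dismissal_rules = set()  # group keys dismissed group-/instance-wide

    def ingest(self, project: str, pipeline: int, findings: List[dict]) -> dict:
        """Merge one report execution into the store and return what changed."""
        stats = {"new": 0, "resolved": 0, "auto_dismissed": 0}
        seen = set()
        for f in findings:
            fp = project_fingerprint(f)
            seen.add(fp)
            rec = self.occurrences.get((project, fp))
            if rec is None:
                rec = {"finding": f, "first": pipeline, "last": pipeline, "state": "detected"}
                if group_key(f) in self.dismissal_rules:  # matching rule: auto-dismiss
                    rec["state"] = "dismissed"
                    stats["auto_dismissed"] += 1
                self.occurrences[(project, fp)] = rec
                stats["new"] += 1
            else:  # same fingerprint seen again: just bump the last pipeline
                rec["last"] = pipeline
        # Anything previously detected for this project but absent now is resolved.
        for (p, fp), rec in self.occurrences.items():
            if p == project and fp not in seen and rec["state"] == "detected":
                rec["state"] = "resolved"
                stats["resolved"] += 1
        return stats

    def dismiss_matching(self, finding: dict) -> int:
        """Dismiss every current occurrence sharing the group key, and remember the rule."""
        key = group_key(finding)
        self.dismissal_rules.add(key)
        count = 0
        for rec in self.occurrences.values():
            if group_key(rec["finding"]) == key and rec["state"] == "detected":
                rec["state"] = "dismissed"
                count += 1
        return count

    def projects_by_group_key(self) -> Dict[Tuple[str, str], List[str]]:
        """Group-level view: which projects carry each identifier + package."""
        agg: Dict[Tuple[str, str], set] = {}
        for (project, _fp), rec in self.occurrences.items():
            agg.setdefault(group_key(rec["finding"]), set()).add(project)
        return {k: sorted(v) for k, v in agg.items()}


# Constructed sample findings; the CVE id is a placeholder, not a real advisory.
DEP = {"category": "dependency_scanning", "identifier": "CVE-0000-0001",
       "package": "libfoo", "version": "1.0", "file": "Gemfile.lock"}
SAST_LINE42 = {"category": "sast", "identifier": "SQL_INJECTION",
               "file": "app/models/user.rb", "line": 42}
SAST_LINE45 = dict(SAST_LINE42, line=45)  # same finding after an unrelated edit
IMG = {"category": "container_scanning", "identifier": "CVE-0000-0002",
       "image": "registry.example/app", "package": "openssl"}


def demo() -> dict:
    store = VulnerabilityStore()
    out = {}
    out["run1"] = store.ingest("app-a", 1, [DEP, SAST_LINE42])
    out["run2"] = store.ingest("app-a", 2, [DEP, SAST_LINE45, IMG])  # line shift, 1 new
    out["dismissed_now"] = store.dismiss_matching(DEP)               # group-wide dismissal
    out["app_b"] = store.ingest("app-b", 1, [DEP])                   # auto-dismissed on arrival
    out["run3"] = store.ingest("app-a", 3, [DEP, IMG])               # SAST finding gone
    out["projects_with_cve"] = store.projects_by_group_key()[group_key(DEP)]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The fingerprint is the part most likely to differ per report category: a SAST finding keyed only on file and rule survives line shifts but merges two distinct instances in one file, while a dependency finding keyed on package and lockfile survives version bumps that did not fix it. Whatever rule is chosen, storing the fingerprint as an indexed column is what makes the per-push ingest an upsert rather than a full rescan, which is the scalability point in the last bullet.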