Brakeman SAST reports vulnerabilities affecting dependencies, already reported by DS

We've got duplicates since the split between SAST and Dependency Scanning (gitlab-org/gitlab-ee#5105), and some items are not filtered anymore (gitlab-org/security-products/sast#21). That's because the SAST analyzer based on Brakeman reports vulnerabilities affecting the dependencies, and these are redundant with what's reported by Dependency Scanning (DS). The duplicates come from the DS analyzers compatible with Bundler, namely Gemnasium and bundler-audit.

DS and SAST are both based on common/orchestrator, and they're both capable of removing duplicates using the Dedupe function of common/issue, but there's nothing to remove duplicates between DS and SAST.

A fix would be to change the Brakeman analyzer for SAST so that it filters out the vulnerabilities affecting Gemfile.lock. See https://gitlab-org.gitlab.io/-/security-products/tests/ruby-bundler-rails/-/jobs/62694811/artifacts/gl-sast-report.json
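As an added illustration of that filter (not code from the Brakeman analyzer or from common/orchestrator), the Go function below drops every finding whose `location.file` is Gemfile.lock from a gl-sast-report.json and passes every other key through untouched. The `vulnerabilities` array and `location.file` key follow the GitLab report format; the sample report and the base-name matching of nested lockfiles are assumptions made here.

```go
package main

import (
	"encoding/json"
	"path"
)

// Findings in this lockfile are already reported by the Dependency Scanning
// analyzers (Gemnasium, bundler-audit), so the SAST report can drop them.
const dependencyFile = "Gemfile.lock"

// FilterDependencyFindings drops every vulnerability located in Gemfile.lock
// (base-name match, so nested lockfiles count too) and returns the rewritten
// report and the number of entries removed; unmodelled keys pass through.
func FilterDependencyFindings(report []byte) ([]byte, int, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(report, &top); err != nil {
		return nil, 0, err
	}
	var vulns []json.RawMessage // a report without this key is malformed
	if err := json.Unmarshal(top["vulnerabilities"], &vulns); err != nil {
		return nil, 0, err
	}
	kept, removed := make([]json.RawMessage, 0, len(vulns)), 0
	for _, v := range vulns {
		var loc struct { // only the part of the entry the filter reads
			Location struct {
				File string `json:"file"`
			} `json:"location"`
		}
		if err := json.Unmarshal(v, &loc); err != nil {
			return nil, 0, err
		}
		if path.Base(loc.Location.File) == dependencyFile {
			removed++
			continue
		}
		kept = append(kept, v)
	}
	var err error
	if top["vulnerabilities"], err = json.Marshal(kept); err != nil {
		return nil, 0, err
	}
	out, err := json.Marshal(top)
	return out, removed, err
}

// SampleReport is a constructed, abbreviated gl-sast-report.json (assumption).
const SampleReport = `{"version":"2.0","vulnerabilities":[
{"category":"sast","name":"Cross Site Scripting","location":{"file":"app/views/users/show.html.erb","start_line":3}},
{"category":"sast","name":"Outdated gem: rails","location":{"file":"Gemfile.lock"}}]}`
```

Calling `FilterDependencyFindings([]byte(SampleReport))` keeps the Cross Site Scripting finding, removes the Gemfile.lock entry and reports one removal.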

That being said, we may lose valuable information, and we've got to be sure that the DS vulnerabilities reported by Brakeman are also reported by bundler-audit and/or Gemnasium. If this is not the case, then we should split Brakeman or make it capable of running in "SAST mode" and in "DS mode".

Edited Jan 09, 2019 by Fabien Catteau