Allow for an MR to be created from the report to fix a Container Scanning finding
Problem to solve
Container Scanning can spot if a base image is vulnerable to known security issues. In this case, we should try to bump the version to the closest non-vulnerable one (or to the latest otherwise), test again to see if the app still passes all the tests, check security again to ensure we are now patched, and then release as a new version.
Further details
Users don't have to care about updating their base images in case of vulnerabilities. They are automatically fixed and released by GitLab.
Proposal
This should be the outcome of the ~"product discovery" #9384 (closed)
For apps with a Container Scanning report showing problems, automatically create an MR that uses a newer image. Test again with a pipeline and, in case everything is green and the security report is better, proceed and merge.
This issue should focus on providing the remediations data, with no additional change to the generic (auto) remediation process.
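One way to compute the image bump described above and express it as a diff that an MR could apply. This is an added example, not GitLab's implementation. The function names, the constructed tag lists and the assumption that tags are dotted numeric versions are all illustrative.

```python
import difflib
import re

# Constructed sample inputs (not taken from a real scan report).
DOCKERFILE = """FROM alpine:3.7
RUN apk add --no-cache curl
CMD ["curl", "--version"]
"""
AVAILABLE_TAGS = ["3.6", "3.7", "3.8", "3.9", "3.10"]
VULNERABLE_TAGS = {"3.6", "3.7", "3.8"}  # tags the scanner flagged (assumed)

# FROM <image>:<tag> [AS <stage>]; untagged or digest-pinned images are skipped.
FROM_RE = re.compile(r"^(FROM\s+)([^\s:@]+):(\S+)(.*)$", re.IGNORECASE)


def version_key(tag):
    """Order dotted numeric tags numerically, so 3.10 sorts after 3.9."""
    return tuple(int(part) for part in tag.split("."))


def pick_tag(current, available, vulnerable):
    """Closest non-vulnerable tag above `current`, else the latest tag."""
    ordered = sorted(available, key=version_key)
    newer_safe = [t for t in ordered
                  if version_key(t) > version_key(current) and t not in vulnerable]
    return newer_safe[0] if newer_safe else ordered[-1]


def remediation_diff(dockerfile, available, vulnerable):
    """Return a unified diff bumping the first tagged FROM line, or '' if unchanged."""
    lines = dockerfile.splitlines(keepends=True)
    patched = list(lines)
    for i, line in enumerate(lines):
        m = FROM_RE.match(line.rstrip("\n"))
        if m is None:
            continue
        new_tag = pick_tag(m.group(3), available, vulnerable)
        patched[i] = f"{m.group(1)}{m.group(2)}:{new_tag}{m.group(4)}\n"
        break  # only the first stage's base image is handled here
    return "".join(difflib.unified_diff(lines, patched, "a/Dockerfile", "b/Dockerfile"))


if __name__ == "__main__":
    print(remediation_diff(DOCKERFILE, AVAILABLE_TAGS, VULNERABLE_TAGS))
```

The diff is only a candidate fix: the pipeline and a fresh scan on the MR branch still decide whether it can be merged.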
What does success look like, and how can we measure that?
We can count the number of merge requests automatically merged because of this feature.