
Add GraphQL support to On Demand API Scans

What does this MR do and why?

Describe in detail what your merge request does and why.

This MR resolves #378692 (closed)

DAST API has recently added support for GraphQL Schemas and the ability to pull the schema from an API endpoint. On Demand API Scans should also have support for GraphQL when using DAST API as the scanner backend. While DAST API supports both directly querying the GraphQL endpoint, as well as providing a schema as a file or URL, only the direct querying of the GraphQL endpoint will be added.

In addition to adding support for GraphQL to On Demand API Scans, the documentation should also provide instructions on how to allowlist our scanner through the use of a header provided via the Request Headers field in the site profile. Many GraphQL frameworks are starting to disable introspection queries by default, which will cause the scan to fail. However, it is also straightforward for most frameworks to allow the introspection query if a user-defined header is included in the request.
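The header-based allowlisting described above, written out as an added, dependency-free example (not GitLab code and not any framework's real API): introspection queries are denied by default and permitted only when the request carries the scanner's header. The header name `X-Scanner-Token` and its secret value are assumptions for the example; in a real setup the same header and value would be entered in the site profile's Request Headers field.

```javascript
// Added example: gate GraphQL introspection behind a user-defined scanner header.
// Header name and secret are constructed placeholders, not values from the MR.
const SCANNER_HEADER = "x-scanner-token";            // assumed header name (compared case-insensitively)
const SCANNER_SECRET = "constructed-example-secret"; // constructed value; load from config in practice

// Introspection queries reference the reserved meta-fields __schema / __type.
// \b keeps "__typename" (a normal field selection) from matching.
const INTROSPECTION_RE = /\b__(schema|type)\b/;

function isIntrospectionQuery(query) {
  return typeof query === "string" && INTROSPECTION_RE.test(query);
}

// Compare two strings without leaking where they differ through timing.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a, "utf8");
  const y = Buffer.from(b, "utf8");
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] || 0) ^ (y[i] || 0);
  }
  return diff === 0;
}

// HTTP header names are case-insensitive; normalise before lookup.
function headerMatches(headers, expected) {
  const lowered = Object.fromEntries(
    Object.entries(headers || {}).map(([k, v]) => [k.toLowerCase(), v])
  );
  const value = lowered[SCANNER_HEADER];
  return typeof value === "string" && constantTimeEqual(value, expected);
}

// Decide whether a GraphQL request may run: ordinary queries always pass,
// introspection passes only when the scanner header carries the expected value.
function authorizeRequest(req) {
  if (!isIntrospectionQuery(req.query)) {
    return { allowed: true, reason: "not an introspection query" };
  }
  if (headerMatches(req.headers, SCANNER_SECRET)) {
    return { allowed: true, reason: "introspection allowed for scanner" };
  }
  return { allowed: false, reason: "introspection disabled" };
}
```

Wire `authorizeRequest` in before query execution; a denied result should return the same error the framework uses when introspection is disabled so the header's existence is not advertised.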

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Screenshots: horizontal layout (Screenshot_2022-11-30_at_17.52.00), vertical layout (Screenshot_2022-11-30_at_17.52.17), and the GraphQL scan method option (graphql_option).

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Go to /-/security/configuration/profile_library#site-profiles at the project level
  2. Create a new site profile or edit an existing one
  3. Select the site type API
  4. Select the scan method GraphQL from the dropdown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #378692 (closed)

Edited by Artur Fedorov
