Introduce security report diffs

What does this MR do?

Introduce security report diffs.

• Allow to compare two reports to get the list of added, existing, and fixed vulnerabilities.
• Provides a Security::CompareReportsBaseService that relies on primary identifier and location fingeprints to compare vulnerabilities.
• Provides a Security::CompareReportsSastService that leverages the git diff to improve matching for SAST reports.

This is a preliminary step (#3) for upcoming changes regarding https://gitlab.com/gitlab-org/gitlab-ee/issues/7586

List of MRs:

1. Use POROs for security report vulnerabilities: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10417
2. Add locations POROs for vulnerabilities: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10508
3. Introduce security report diffs: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10559

What are the relevant issue numbers?

#7586 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added, if necessary
• Documentation created/updated via this MR
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Tested in all supported browsers
• Conforms to the code review guidelines
• Conforms to the merge request performance guidelines
• Conforms to the style guides
• Conforms to the database guides
• Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.
• EE specific content should be in the top level /ee folder
• For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan?
• Security reports checked/validated by reviewer

changed milestone to %11.10

added Deliverable backend backstage [DEPRECATED] devopssecure + 1 deleted label

changed target branch from master to 7586-add_locations_poros_for_vulnerabilities

marked as a Work In Progress

changed the description

mentioned in merge request !10508 (merged)

mentioned in merge request !10417 (merged)

@johncai here is the MR I was talking about today on #g_gitaly slack channel. Could you please have a look? Thanks.

Reviewer roulette

Changes that require review have been detected! A merge request is normally reviewed by both a reviewer and a maintainer in its primary category (e.g. frontend or backend), and by a maintainer in all other categories.

To spread load more evenly across eligible reviewers, Danger has randomly picked a candidate for each review slot. Feel free to override this selection if you think someone else would be better-suited, or the chosen person is unavailable.

Once you've decided who will review this merge request, mention them as you normally would! Danger does not (yet?) automatically notify them for you.

Category	Reviewer	Maintainer
backend	Imre Farkas (@ifarkas)	Sean McGivern (@smcgivern)

Generated by Danger

@engwan could you please review this MR? Thanks

/cc @brytannia for the domain logic.

assigned to @engwan

Looks good @gonzoyumo! Just a few suggestions on naming.

assigned to @gonzoyumo