
Improve vulnerability report tool filter filtering

Daniel Tian requested to merge 351719-change-tool-filter-behavior into master

What does this MR do and why?

This MR changes the way the tool_with_vendor_filter.vue does its filtering. This filter is only used on the project vulnerability report:


Previously, it was filtering on 2 fields: reportType and scannerId (the ID of the actual scanner, e.g. eslint, gitleaks, etc). reportType was hard-coded to REPORT_TYPE_PRESETS.DEVELOPMENT, and scannerId changes based on the selected tools. This MR changes the following:

  1. If there are no selected items, it will filter reportType by the preset.
  2. If there is no custom vendor and some items are selected, it will filter reportType by the selected items.
  3. If there is a custom vendor and some items are selected, it will filter by scannerId.
  4. If there is a custom vendor, some items are selected, but there are no scanners for the selected items, it will filter by reportType.

In short, either reportType or scannerId will be used, but not both at the same time.
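The four rules above as an added example, not code from GitLab's tool_with_vendor_filter.vue: a pure function that returns either a reportType or a scannerId filter for the vulnerability report query. The preset contents, the sample scanner list, the vendor check and the function names are assumptions.

```javascript
// Assumed preset used when no tool is selected (rule 1); the real
// REPORT_TYPE_PRESETS.DEVELOPMENT may contain other report types.
const DEVELOPMENT_PRESET = ['SAST', 'SECRET_DETECTION', 'DEPENDENCY_SCANNING'];

// Constructed sample of a project's scanners. scannerId values follow the MR
// description (e.g. eslint, gitleaks). A "custom vendor" is assumed to be any
// scanner whose vendor is not GitLab.
const SAMPLE_SCANNERS = [
  { id: 'eslint', reportType: 'SAST', vendor: 'GitLab' },
  { id: 'gitleaks', reportType: 'SECRET_DETECTION', vendor: 'GitLab' },
  { id: 'acme-sast', reportType: 'SAST', vendor: 'Acme' },
];

function hasCustomVendor(scanners) {
  return scanners.some((s) => s.vendor !== 'GitLab');
}

// Returns exactly one of { reportType } or { scannerId }, never both.
// selectedReportTypes: report types ticked in the tool filter, e.g. ['SAST'].
function buildToolFilter(selectedReportTypes, scanners, preset = DEVELOPMENT_PRESET) {
  // Rule 1: nothing selected -> filter reportType by the preset.
  if (selectedReportTypes.length === 0) {
    return { reportType: preset };
  }
  // Rule 2: no custom vendor -> filter reportType by the selection.
  if (!hasCustomVendor(scanners)) {
    return { reportType: selectedReportTypes };
  }
  // Rule 3: custom vendor -> filter by the scanners of the selected report types.
  const scannerId = scanners
    .filter((s) => selectedReportTypes.includes(s.reportType))
    .map((s) => s.id);
  if (scannerId.length > 0) {
    return { scannerId };
  }
  // Rule 4: custom vendor but no scanner for the selection -> back to reportType.
  return { reportType: selectedReportTypes };
}
```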

This change fixes the following issues:

  1. For the gitlab-org/gitlab project, secret detection results are shown in addition to SAST results, when only SAST is selected.
  2. No results are shown when only secret detection is selected.
  3. It slightly speeds up the database query because it no longer has to filter on 2 fields.
  4. It reduces confusion with how the filters are applied.

How to set up and validate locally

  1. Test the tool filter against a project with a custom vendor, for example this one, and verify that the GraphQL calls match the above behavior.
  2. Test the tool filter against a project without a custom vendor, for example this one, and verify that the GraphQL calls match the above behavior.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #351719 (closed)

Edited by Daniel Tian
