Fix present_on_default_branch when creating vulnerabilities on branches
What does this MR do and why?
In Pipeline Security: Migrate issue-creation REST ... (!130390 - merged) we introduced a bug when we switched from using REST to GraphQL to create an issue from a security finding via the Pipeline -> Security tab on an MR pipeline.
As part of creating an issue, we need to find or create a vulnerability for the finding, as the issue is linked to a vulnerability, not a finding.
The REST endpoint explicitly set present_on_default_branch to false if a vulnerability was created.
The GraphQL endpoint does not set any value for present_on_default_branch, and so the default of true is used.
This MR explicitly sets present_on_default_branch to false when called from Vulnerabilities::SecurityFinding::CreateIssueService.
This is not the first bug of this kind to surface. An essentially identical bug is present when creating a merge request from a pipeline finding (Bug with create MergeRequest action on a non de... (#421428 - closed)). At the reviewer's request, the fix for this additional bug has been applied in this MR as well, as the root cause and fix for both are identical.
To reduce the chance of future occurrences, this MR also removes the default present_on_default_branch: true from Vulnerabilities::FindOrCreateFromSecurityFindingService and makes it a required argument.
This will force future callers to consider what this should be set to from the calling context.
How to set up and validate locally
See the parent issue #424081 (closed) for steps to reproduce.
Related to #424081 (closed)
Related to #421428 (closed)
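
The required-argument change described above, as an added Ruby sketch that is not GitLab's code: the two service classes, the in-memory hash store and the helper names are simplified, hypothetical stand-ins. It shows a caller that omits the flag being silently accepted under the old default and rejected once the keyword is required.

```ruby
# Hypothetical, simplified stand-ins; not GitLab's implementation.
Vulnerability = Struct.new(:finding_uuid, :present_on_default_branch,
                           keyword_init: true)

# "Before" shape: the flag is optional and defaults to true.
class FindOrCreateWithDefault
  def initialize(store)
    @store = store # constructed in-memory store: uuid => Vulnerability
  end

  def execute(finding_uuid:, present_on_default_branch: true)
    @store[finding_uuid] ||= Vulnerability.new(
      finding_uuid: finding_uuid,
      present_on_default_branch: present_on_default_branch
    )
  end
end

# "After" shape: same behaviour, but the keyword has no default, so Ruby
# raises ArgumentError for any caller that does not decide the value.
class FindOrCreateRequired < FindOrCreateWithDefault
  def execute(finding_uuid:, present_on_default_branch:)
    super
  end
end

# Caller that forgets the flag, as the GraphQL path did.
def create_without_flag(service, uuid)
  service.execute(finding_uuid: uuid)
end

# Caller that states the flag for a finding from a branch pipeline.
def create_with_flag(service, uuid)
  service.execute(finding_uuid: uuid, present_on_default_branch: false)
end

# True when the service refuses a call that omits the flag.
def missing_flag_rejected?(service, uuid)
  create_without_flag(service, uuid)
  false
rescue ArgumentError
  true
end
```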