Splits out SAST reports to a new module

What does this MR do?

This MR splits out the SAST report logic in the security_reports store into a separate module. It also lays some of the groundwork for us to give the other reports the same treatment.

It also includes the mediator pattern that has been used in the security dashboard to allow the modules to trigger actions in other modules. Please see this article for a better explanation of this pattern.

Because I'm moving tests, actions, getter, mutations, and mutation types into a new module; it seems like there are a lot more changes than there actually is. If you look closely, you'll see a lot of these changes are copy/pasted.

There are no user-facing changes, it's all ~backstage everything should function in exactly the same way that it did before this change.

Does this MR meet the acceptance criteria?

Conformity

• [-] Changelog entry
• [-] Documentation created/updated or follow-up review issue created
• Code review guidelines
• Merge request performance guidelines
• Style guides
• [-] Database guides
• [-] Separation of EE specific content

Performance and testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• [-] Tested in all supported browsers

Lays the groundwork for #11975 (closed)