Add tracking info to Secret Detection

What does this MR do and why?

Context

Whenever a Secret Detection finding is created for a secret and if the same secret moves within the file, a new finding gets created along with the previous one, ending up with two findings pointing at the same secret. The new findings continue to be generated until the secret is remediated. So, we decided to solve the problem following the footsteps of SAST (which faced the same problem earlier) i.e., by introducing a tracking signature in the final report and the Rails monolith will use the signature during CI builds to determine if the new findings should be created or refer to the existing findings. For more details, refer to the linked issue.

Why this MR

This MR handles the rails monolith side of business i.e., uses tracking signature info of each finding in the SD report to ensure new findings are not generated if there are findings already present in the system for the same secret.

Technically, this MR does the following:

1. Introduces new tracking algorithm type: rule_value
2. Enables UUID override logic for Secret Detection

You may find this feature's impact on the current system here

Relevant Issue Numbers

• Track Secret Detection findings by filename and... (#434096 - closed)

How to set up and validate locally

1. Update a project with Secret Detection CI configuration to point at the patched secrets analyzer image:

# .gitlab-ci.yml
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml

secret_detection:
  image:
    name: registry.gitlab.com/gitlab-org/security-products/analyzers/secrets:vbhat-tracking-signature

2. Commit a dummy secret, say glpat-12345123451234512345 in one of the files.
3. Push the commit that triggers the secret_detection CI job in the Pipeline.
4. Ensure the Secret Detection report was ingested successfully
5. Open GDK rails console
6. Check Vulnerabilities::FindingSignature.where(algorithm_type: 5).count.positive? indicating newly created SD finding having rule_value(i.e. 5) as the tracking algorithm.

ee/app/services/security/ingestion/tasks/update_vulnerability_uuids.rb

@@ -3,7 +3,20 @@
 module Security
   module Ingestion
     module Tasks
+      # This task is responsible for updating `uuid` DB column of:
+      #   - vulnerability_occurrences table (via UpdateVulnerabilityUuids::VulnerabilityFindings task)
+      #   - vulnerability_feedback table (via UpdateVulnerabilityUuids::VulnerabilityFeedback task)
+      #   - vulnerability_reads table (via UpdateVulnerabilityUuids::VulnerabilityReads task)
+      # with the `uuid` value of the latest finding in the pipeline. This is done to avoid the duplication of creating
+      # newly identified findings which are the same vulnerabilities by definition and location but have a different
+      # fingerprint algorithm.
+      #
+      # This task currently updates the findings of the following analyzers:
+      # - Semgrep SAST Analyzer (semgrep)
+      # - Secret Detection Analyzer (gitleaks)
       class UpdateVulnerabilityUuids < AbstractTask
+        ALLOWED_SCANNERS = %w[semgrep gitleaks].freeze
+
         def execute
           return unless update_uuids?
 
@@ -46,7 +59,7 @@ def existing_uuids(finding_map_uuids)
         end
 
         def update_uuids?
-          scanners.include?("semgrep")
+          scanners.intersect?(ALLOWED_SCANNERS)
         end
 
         def update_uuids