Collate and clarify docs on how security scanning works

What does this MR do?

Collate and clarify docs on how security scanning works and what users can do with the results.

• Detect
  • Add mention that security scanning benefits both during and after development.
  • New "Security scanning" section covers basic concepts.
  • New "Security scanning process" describes what goes on "behind the scenes" to then have the results available in the UI.
  • Included criteria that determine which security scanning jobs run. This was moved from elsewhere.
• Security scanning results
  • Defined terminology used throughout - finding and vulnerability
  • Describe differences in what you see in a branch pipeline vs a merge request pipeline.
  • Security report artifacts and how to get them.
  • Pipeline security report and what you can do with it.
  • MR security widget and how to see the details.
• Vulnerability deduplication
  • Move existing content
• Security report validation
  • Move existing content

Related issues

#525635 (closed)

Author's checklist

• Optional. Consider taking the GitLab Technical Writing Fundamentals course.
• Follow the:
  • Documentation process.
  • Documentation guidelines.
  • Style Guide.
• If you're adding a new page, add the product availability details under the H1 topic title.
• If you are a GitLab team member, request a review based on:
  • The documentation page's metadata.
  • The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

• ~"frontend"
• ~"backend"
• ~"type::bug"
• ~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

• If the content requires it, ensure the information is reviewed by a subject matter expert.
• Technical writer review items:
  • Ensure docs metadata is present and up-to-date.
  • Ensure the appropriate labels are added to this MR.
  • Ensure a release milestone is set.
  • If relevant to this MR, ensure content topic type principles are in use, including:
    • The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
    • The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
    • Any task steps should be written as a numbered list.
    • If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
• Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.