Add vulnerabilities_duo_workflows table, model

What does this MR do and why?

With the Agent Platform expansion, we can already foresee that we need a way to map an Agent Session to a different GitLab from a database perspective. For example, if I want to run a security vulnerability flow on every s1 severity reported, then we may want to present this session ID inside the vulnerability table so that users know that it is ongoing and to see the progress there.

This MR introduces a many-to-many relationship between Agent Sessions (Duo Workflow sessions) and vulnerabilities, with the intent to create these relationships for other entities in future as well.

This means that when a new session is created, we can now create a junction table based off the flow that was started to the right entities to make this possible.

In this MR a sub module was created Entities to help in organisation of potential future relationships, and the changeset kept small. Following this will be a change to insert into this new table when a session is created.

Technical Approach

We discussed doing this via polymorphic tables, however this approach is discouraged as noted here.

An alternative approach was presented which was join tables for every relationship we care about mapping.

Further to this we also discussed creating a source trigger enum on workflows as potential future improvements.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/566417 https://gitlab.com/gitlab-org/gitlab/-/issues/559989

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #559989