Abort rendering of security reports that aren't set up

• Related issue: #14793 (closed)

What does this MR do?

This MR creates a new EE::MergeRequest#enabled_reports method that indicates what MR reports are enabled/disabled. We then use this data to populate the MergeRequestStore in order to abort the rendering of disabled reports in the MR widget instead of allowing the reports to show up and eventually error out when the corresponding XHR requests resolve.

This change only affects reports rendering when the corresponding *MergeRequestReportApi feature flag is enabled.

Screenshots

Here's an example where the SAST report isn't set up. With the current behavior, the SAST report renders but eventually errors out:

With the new behavior, the SAST report never renders (and doesn't attempt to fetch SAST reports):

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• [-] Documentation (if required)
• Code review guidelines
• [-] Merge request performance guidelines
• Style guides
• [-] Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• [-] Tested in all supported browsers