Add configurable security MR report cache lifetime setting
What does this MR do and why?
Adds an application setting (security_mr_report_cache_lifetime_minutes) to configure how long security report comparisons are cached on merge requests.
When users view the security tab on merge requests, the MergeRequestSecurityReportGenerationService uses reactive caching to compute security report comparisons. The underlying Security::FindingsFinder query uses a LATERAL join that becomes expensive at scale (thousands of findings per pipeline). With the default 10-minute cache lifetime, the expensive query is recalculated frequently, causing database load.
Default behavior is unchanged (10 minutes). Administrators can increase the cache lifetime up to 60 minutes via Admin Area > Settings > Security and Compliance for instances experiencing high database load from security report generation.
Extending the cache lifetime is safe because:
- The cache already invalidates automatically when pipelines change, via the `latest?` check in `CompareSecurityReportsService`
- Similar patterns exist elsewhere (e.g., `EE::Group` uses a 1-hour cache lifetime for other reactive caching)
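Added example (Ruby, not GitLab's own code): a stand-in for the setting's 10-60 validation and a toy reactive cache whose key includes the base and head pipeline ids, which is why a longer lifetime cannot serve a comparison from a superseded pipeline. The class names, the key layout and the constructed pipeline ids are assumptions.

```ruby
# Bounds stated in the MR: default 10 minutes, configurable up to 60.
LIFETIME_RANGE = (10..60).freeze
DEFAULT_LIFETIME_MINUTES = 10

# Hypothetical stand-in for ApplicationSetting; checks the new column the
# way a Rails numericality/inclusion validation would.
class AppSettingStub
  attr_reader :security_mr_report_cache_lifetime_minutes

  def self.valid_lifetime?(value)
    value.is_a?(Integer) && LIFETIME_RANGE.cover?(value)
  end

  def initialize(minutes = DEFAULT_LIFETIME_MINUTES)
    unless self.class.valid_lifetime?(minutes)
      raise ArgumentError, "lifetime must be an Integer in #{LIFETIME_RANGE}"
    end
    @security_mr_report_cache_lifetime_minutes = minutes
  end
end

# Toy reactive cache. The key carries the base and head pipeline ids, so a
# new pipeline on the MR misses the cache whatever the configured lifetime.
class SecurityReportCacheStub
  Entry = Struct.new(:value, :expires_at)
  attr_reader :computations

  # clock is injectable so expiry can be exercised without sleeping.
  def initialize(setting, clock: -> { Time.now })
    @setting = setting
    @clock = clock
    @store = {}
    @computations = 0 # counts runs of the expensive comparison
  end

  def lifetime_seconds
    @setting.security_mr_report_cache_lifetime_minutes * 60
  end

  # Returns the cached comparison, or runs the expensive block and caches it.
  def fetch(mr_id, base_pipeline_id, head_pipeline_id)
    key = [mr_id, base_pipeline_id, head_pipeline_id]
    entry = @store[key]
    return entry.value if entry && entry.expires_at > @clock.call

    @computations += 1
    value = yield
    @store[key] = Entry.new(value, @clock.call + lifetime_seconds)
    value
  end
end
```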
Related to https://gitlab.com/gitlab-com/request-for-help/-/issues/4212
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Start GDK
- Navigate to Admin Area > Settings > Security and Compliance
- Find the new "Merge request security reports" section
- Configure the cache lifetime (10-60 minutes)
- Verify the setting is persisted
Or via Rails console:

```ruby
ApplicationSetting.current.update!(security_mr_report_cache_lifetime_minutes: 60)
```

Or via API:

```shell
curl --request PUT --header "PRIVATE-TOKEN: <token>" \
  "https://gitlab.example.com/api/v4/application/settings?security_mr_report_cache_lifetime_minutes=60"
```