Add application-layer length validation for binary columns of SRM-related tables

This MR adds missing application-level validations for several SHA and fingerprint fields in the Vulnerability and SBOM domain models. It introduces maximum length checks (40 or 64 characters, depending on the field) and also adds a missing presence validation for Vulnerabilities::FindingSignature#signature_sha. Matching model specs are updated to cover each new validation.

Here is the list of validated attributes:

  • Sbom::Occurrence#commit_sha is a 32-byte (or 20-byte) 64-character hexadecimal Git SHA value.
  • Sbom::OccurrenceRef#commit_sha is a 32-byte (or 20-byte) 64-character hexadecimal Git SHA value.
  • Vulnerabilities::Finding#location_fingerprint is a 20-byte 40-character hexadecimal SHA1 value.
  • Vulnerabilities::FindingSignature#signature_sha is a 20-byte 40-character hexadecimal SHA1 value.
  • Vulnerabilities::Identifier#fingerprint is a 20-byte 40-character hexadecimal SHA1 value.
  • Vulnerabilities::Remediation#checksum is a 32-byte 64-character hexadecimal SHA256 value.
  • Vulnerabilities::RepresentationInformation#resolved_in_commit_sha is a 32-byte (or 20-byte) 64-character hexadecimal Git SHA value.

We have decided to add application-layer validations instead of DB-layer constraints because they are easier to change when the hashing algorithm generating the value changes.

Related to https://gitlab.com/gitlab-org/gitlab/-/work_items/585493.

Edited by Mehmet Emin INAC
