Implement vulnerability counts in basic security MR widget [RUN AS-IF-FOSS]

What does this MR do?

Implement vulnerability counts

This implements vulnerability counts on the SecurityReportsApp component, implemented behind a disabled-by-default feature flag core_security_mr_widget_counts, as part of #273423 (closed).

This cannot be enabled until the backend endpoints are modified to be usable in non-Ultimate plans. See #284689 for more details.

Screenshots (strongly suggested)

Caveats

To re-create the After screenshots below:

1. Enable the core_security_mr_widget_counts feature flag
2. Apply this patch to force the basic security widget to always render instead of the extended (Ultimate) version.
3. Either:
   • In a project which falls under an Ultimate plan, create an MR with a SAST or Secret Detection job, such that some vulnerabilities are found.
   • In a project which falls under a non-Ultimate plan (but running EE, not FOSS), create an MR with a SAST or Secret Detection job. Because of #284689, no vulnerabilities will reported.

Before	After (with caveats)
	Loading: With vulnerabilities: With no vulnerabilities:

Does this MR meet the acceptance criteria?

Conformity

• [-] Changelog entry
• [-] Documentation (if required)
• Code review guidelines
• [-] Merge request performance guidelines
• Style guides
• [-] Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• [-] Tested in all supported browsers
• [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done