
Scope remediations records to projects

Mehmet Emin INAC requested to merge 239177_scope_remediations_to_projects into master

What does this MR do?

This MR introduces a new column for the vulnerability_remediations table to scope its entries to projects. The reason is that if a user stores confidential information in the summary attribute of the Remediation, it can leak to other projects unless the records are scoped to projects.

Related to #239177

Database review

There are two migrations created in the scope of this MR. The first one adds the new column called project_id and the foreign key to the projects table, and the second one removes an index and creates a new compound one.

rake db:migrate:up

Adding the new column with the foreign key:

== 20201204085522 AddProjectIdIntoVulnerabilityRemediations: migrating ========
-- add_column(:vulnerability_remediations, :project_id, :bigint, {:null=>false})
   -> 0.0012s
== 20201204085522 AddProjectIdIntoVulnerabilityRemediations: migrated (0.0096s)

Removing the old index and adding the new one with the foreign key:

== 20201204090855 AddCompoundIndexToVulnerabilityRemediationsTable: migrating =
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:vulnerability_remediations, [:project_id, :checksum], {:unique=>true, :name=>"index_vulnerability_remediations_on_project_id_and_checksum", :algorithm=>:concurrently})
   -> 0.0034s
-- add_index(:vulnerability_remediations, [:project_id, :checksum], {:unique=>true, :name=>"index_vulnerability_remediations_on_project_id_and_checksum", :algorithm=>:concurrently})
   -> 0.0037s
-- transaction_open?()
   -> 0.0000s
-- foreign_keys(:vulnerability_remediations)
   -> 0.0031s
-- execute("ALTER TABLE vulnerability_remediations\nADD CONSTRAINT fk_fc61a535a0\nFOREIGN KEY (project_id)\nREFERENCES projects (id)\nON DELETE CASCADE\nNOT VALID;\n")
   -> 0.0048s
-- execute("ALTER TABLE vulnerability_remediations VALIDATE CONSTRAINT fk_fc61a535a0;")
   -> 0.0058s
-- transaction_open?()
   -> 0.0000s
-- indexes(:vulnerability_remediations)
   -> 0.0017s
-- remove_index(:vulnerability_remediations, {:algorithm=>:concurrently, :name=>"index_vulnerability_remediations_on_checksum"})
   -> 0.0020s
== 20201204090855 AddCompoundIndexToVulnerabilityRemediationsTable: migrated (0.0316s)

rake db:migrate:down

Removing the old index and adding the new one:

== 20201204090855 AddCompoundIndexToVulnerabilityRemediationsTable: reverting =
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:vulnerability_remediations, :checksum, {:unique=>true, :name=>"index_vulnerability_remediations_on_checksum", :algorithm=>:concurrently})
   -> 0.0031s
-- add_index(:vulnerability_remediations, :checksum, {:unique=>true, :name=>"index_vulnerability_remediations_on_checksum", :algorithm=>:concurrently})
   -> 0.0046s
-- transaction_open?()
   -> 0.0000s
-- indexes(:vulnerability_remediations)
   -> 0.0012s
-- remove_index(:vulnerability_remediations, {:algorithm=>:concurrently, :name=>"index_vulnerability_remediations_on_project_id_and_checksum"})
   -> 0.0018s
-- foreign_keys(:vulnerability_remediations)
   -> 0.0030s
-- remove_foreign_key(:vulnerability_remediations, {:column=>:project_id})
   -> 0.0036s
== 20201204090855 AddCompoundIndexToVulnerabilityRemediationsTable: reverted (0.0240s)

Removing the new column:

== 20201204085522 AddProjectIdIntoVulnerabilityRemediations: reverting ========
-- remove_column(:vulnerability_remediations, :project_id)
   -> 0.0011s
== 20201204085522 AddProjectIdIntoVulnerabilityRemediations: reverted (0.0069s)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mehmet Emin INAC
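The cross-project leak the description guards against, as an added example that is not part of this MR or of GitLab's code: an in-memory stand-in for the vulnerability_remediations table that replays a find-or-create-by-checksum ingestion path (an assumed access pattern, not one shown on this page) first under the old unique index on checksum and then under the new compound unique index on (project_id, checksum), with a project deletion standing in for the ON DELETE CASCADE foreign key. Table, column and index names come from the migration output above; the RemediationStore class, the checksum and the summaries are constructed for the example.

```ruby
# Added example, not GitLab's code. Models the unique index on
# vulnerability_remediations so the effect of scoping it by project_id
# can be observed without a database.
require 'set'

class RemediationStore
  Remediation = Struct.new(:id, :project_id, :checksum, :summary, keyword_init: true)

  # index_columns mirrors the unique index in force:
  #   [:checksum]              -> before the MR (index_vulnerability_remediations_on_checksum)
  #   [:project_id, :checksum] -> after the MR  (index_vulnerability_remediations_on_project_id_and_checksum)
  def initialize(index_columns:)
    @index_columns = index_columns
    @rows = []
    @unique = {} # index key -> row; stands in for the unique index
  end

  # Assumed ingestion path: a project uploading a remediation looks it up
  # by the columns of the unique index and reuses the row if one exists.
  def find_or_create(project_id:, checksum:, summary:)
    # project_id is NOT NULL in the migration, so refuse unscoped writes.
    raise ArgumentError, 'project_id is required' if project_id.nil?

    key = index_key(project_id: project_id, checksum: checksum)
    existing = @unique[key]
    return existing if existing

    row = Remediation.new(id: @rows.size + 1, project_id: project_id,
                          checksum: checksum, summary: summary)
    @rows << row
    @unique[key] = row
    row
  end

  # Stands in for the FK's ON DELETE CASCADE: deleting a project must not
  # leave orphaned remediations (and their summaries) behind.
  def delete_project(project_id)
    removed, @rows = @rows.partition { |r| r.project_id == project_id }
    removed.each { |r| @unique.delete(index_key(project_id: r.project_id, checksum: r.checksum)) }
    removed.size
  end

  def count
    @rows.size
  end

  private

  def index_key(project_id:, checksum:)
    { project_id: project_id, checksum: checksum }.values_at(*@index_columns)
  end
end

# Replays the same two uploads under both index layouts. The checksum and
# summaries are constructed sample data.
def demonstrate
  checksum = '9f86d081884c7d659a2feaa0c55ad015' # same artifact seen by two projects
  secret = 'CONFIDENTIAL: patch applied on internal host build-7'
  public_note = 'Upgrade the dependency to the fixed release'

  before = RemediationStore.new(index_columns: [:checksum])
  a1 = before.find_or_create(project_id: 1, checksum: checksum, summary: secret)
  b1 = before.find_or_create(project_id: 2, checksum: checksum, summary: public_note)

  after = RemediationStore.new(index_columns: %i[project_id checksum])
  a2 = after.find_or_create(project_id: 1, checksum: checksum, summary: secret)
  b2 = after.find_or_create(project_id: 2, checksum: checksum, summary: public_note)
  cascaded = after.delete_project(1)

  {
    leaked_before: b1.equal?(a1) && b1.summary == secret, # project 2 reads project 1's summary
    isolated_after: !b2.equal?(a2) && b2.summary == public_note,
    cascaded_rows: cascaded,
    remaining_after_cascade: after.count
  }
end
```

The unscoped layout cannot tell the two uploads apart: the unique index on checksum alone forces the second project onto the first project's row, and with it the first project's summary. Once project_id is part of the index the same checksum yields one row per project, and the write path refuses a nil project_id just as the NOT NULL column does.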
