[RUN AS-IF-FOSS] Add option to send slack notifications when a new vulnerability is detected

What does this MR do?

Add option to send slack notifications when a new vulnerability is detected

Related to #334951 (closed)

Screenshots (strongly suggested)

Testing locally

1. Create a project, with a file named gl-dependency-scanning-report.json with the following content

   {
     "version": "2.4",
     "vulnerabilities": [
       {
         "id": "566894f5b08c7d540fc523535577f28d26b1a323b3827d65b7d2d04d28c30897",
         "category": "dependency_scanning",
         "name": "Exposure of Resource to Wrong Sphere CVE-2021-22897",
         "message": "Exposure of Resource to Wrong Sphere in haxx/curl CVE-2021-22897",
         "cve": "builds/gitlab-org/omnibus-gitlab/version-manifest.json:haxx/curl:cve:CVE-2021-22897",
         "severity": "Unknown",
         "scanner": {
           "id": "gitlab-depscan",
           "name": "GitLab Depscan"
         },
         "location": {
           "file": "builds/gitlab-org/omnibus-gitlab/version-manifest.json",
           "dependency": {
             "package": {
               "name": "haxx/curl"
             },
             "version": "7.74.0"
           }
         },
         "identifiers": [
           {
             "type": "cve",
             "name": "CVE-2021-22897",
             "value": "CVE-2021-22897",
             "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22897"
           }
         ],
         "links": [
           {
             "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
           }
         ]
       }
     ],
     "remediations": []
   }

2. Configure CI using the following configuration

   dependency_scanning:
     stage: test
     script:
       - echo "Running Dependency Scanning"
     artifacts:
       reports:
         dependency_scanning: gl-dependency-scanning-report.json
       paths:
         - gl-dependency-scanning-report.json

3. Configure Slack integration for Vulnerabilities

4. Run a pipeline

5. If you need to test again, edit the security report file, do a find-and-replce-all of 897 with some three other digits.

Does this MR meet the acceptance criteria?

Conformity

• I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
• I have added/updated documentation, or it's not needed. (Is documentation required?)
• I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
• I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
• I have self-reviewed this MR per code review guidelines.
• This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
• I have followed the style guides.
• This change is backwards compatible across updates, or this does not apply.

Availability and Testing

• I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
• I have tested this MR in all supported browsers, or it's not needed.
• I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.