Disallow NULL values in detected_at column (#336091)

What does this MR do?

It implements the first step of the issue #336091:

Create a post-deployment migration according to step 1 of Add a NOT NULL constraint to an existing column

I have added a spec to test the model validation added.

Migrations

❯ bundle exec rails db:migrate        
== 20210729132645 AddNotNullConstraintToVulnerabilitiesDetectedAt: migrating ==
-- current_schema()
   -> 0.0006s
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0007s
-- execute("ALTER TABLE vulnerabilities\nADD CONSTRAINT check_e987357e3b\nCHECK ( detected_at IS NOT NULL )\nNOT VALID;\n")
   -> 0.0015s
== 20210729132645 AddNotNullConstraintToVulnerabilitiesDetectedAt: migrated (0.0216s)

❯ bundle exec rails db:rollback STEP=1                                
== 20210729132645 AddNotNullConstraintToVulnerabilitiesDetectedAt: reverting ==
-- execute("ALTER TABLE vulnerabilities\nDROP CONSTRAINT IF EXISTS check_e987357e3b\n")
   -> 0.0019s
== 20210729132645 AddNotNullConstraintToVulnerabilitiesDetectedAt: reverted (0.0103s)

Does this MR meet the acceptance criteria?

Conformity

• I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
• I have added/updated documentation, or it's not needed. (Is documentation required?)
• I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
• I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
• I have self-reviewed this MR per code review guidelines.
• This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
• I have followed the style guides.
• This change is backwards compatible across updates, or this does not apply.

Availability and Testing

• I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
• I have tested this MR in all supported browsers, or it's not needed.
• I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.

Related to #336091