
Swap FK vulnerability_feedback.pipeline_id to ci_pipelines for LFK

What does this MR do and why?

Per &7249 (closed)

As part of our CI "decomposition" efforts we need to remove all foreign keys that are cross-database (i.e. between the planned main and ci databases). We are going to replace them all with "loose foreign keys".

Related: #348272 (closed)

!77640 (merged) previously added the LFK

Validations

  • Best team to review (check off when reviewed): group::threat insights, devops::secure
  • No way for user to access once parent is deleted. Please explain: (@minac ?) We are using the pipeline_id column to show on which pipeline the vulnerability has been dismissed. We are already checking pipeline.present? before rendering the information, and the frontend can gracefully handle the response if the pipeline is null, so there is no problem.
  • Possible to access once parent deleted but low user impact. Please explain:
  • Possible Sidekiq workers that may load directly and possibly lead to exceptions. Please explain:
  • Possible user impact to be evaluated or mitigated. Please explain:
  • Is this FK safe to be removed to avoid LOCKing problems? (Explanation: &7249 (comment 819662046)). Please explain: Yes. We agreed that getting a lock on ci_pipelines is possible.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Kamil Trzciński
