Audit event logging for DAST config changes
<!-- The first four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
### Problem to solve
<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
As the person responsible for the security scanning of my websites, I want to know when changes have been made to the DAST scan and site configs, so that I can know who made what changes.
### Intended users
<!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#cameron-compliance-manager)
* [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Presley (Product Designer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#presley-product-designer)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)
* [Rachel (Release Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#rachel-release-manager)
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#alex-security-operations-engineer)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#simone-software-engineer-in-test)
* [Allison (Application Ops)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#allison-application-ops)
* [Priyanka (Platform Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#priyanka-platform-engineer)
* [Dana (Data Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#dana-data-analyst)
-->
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#cameron-compliance-manager)
* [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)
* [Rachel (Release Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#rachel-release-manager)
### User experience goal
<!-- What is the single user experience workflow this problem addresses?
For example, "The user should be able to use the UI/API/.gitlab-ci.yml with GitLab to <perform a specific task>"
https://about.gitlab.com/handbook/engineering/ux/ux-research-training/user-story-mapping/ -->
The user should be able to go to the "Security & Compliance" => "Audit Events" section of their project and see anything that has been logged there, specifically, any changes to the DAST config profiles.
### Proposal
<!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey -->
The events that should be logged are:
- Creation of a new Scanner or Site profile
- The "Action" should state that a new [Scanner/Site] profile was created
- The "Target" should state the name of the new profile
- Deletion of a Scanner or Site profile
- The "Action" should state that a [Scanner/Site] profile was deleted
- The "Target" should state the name of the deleted profile
- Editing of a Scanner or Site profile
- The "Action" should state that a [Scanner/Site] profile was edited
- (Stretch) The Action should state what fields were changed and what the new selected options are
- The "Target" should state the name of the edited profile
- Creation of a saved on-demand DAST test
- The "Action" should state that a new on-demand DAST test was created
- The "Target" should state the name of the new test
- Deletion of a saved on-demand DAST test
- The "Action" should state that an on-demand DAST test was deleted
- The "Target" should state the name of the deleted test
- Editing of a saved on-demand DAST test
- The "Action" should state that an on-demand DAST test was edited
- (Stretch) The Action should state what was changed (profile/branch/name) and what the new value is
- The "Target" should state the name of the on-demand DAST test
### Further details
<!-- Include use cases, benefits, goals, or any other details that will help us understand the problem better. -->
Maintainer and owner roles should have access to see the audit events.
### Documentation
<!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change
* Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
* If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html -->
* Update of the DAST docs to notify that all changes to the config profiles will be logged to the project Audit Event log.
* Update of docs describing the Audit event log to include the new changes that will be logged there.
### Execution
Use `AuditEventService#security_event` to persist events for the `DastSiteProfile`, `DastScannerProfile`, and `Dast::Profile` models. This will involve adding a method for each of the objects to `AuditEventService` that can handle `:create`, `:update`, and `:destroy` events. The [AuditEventService#for_member](https://gitlab.com/gitlab-org/gitlab/-/blob/de86174681bbb0f89615616280caeab8a3971075/ee/app/services/ee/audit_event_service.rb#L13) method can serve as a guide on how to structure the new methods.
[AuditEventService#for_changes](https://gitlab.com/gitlab-org/gitlab/-/blob/de86174681bbb0f89615616280caeab8a3971075/ee/app/services/ee/audit_event_service.rb#L104) might be worth using for the ~Stretch goal of including details on the changes made during `:update` events.
- [x] Use `AuditEventService` to log uses of `DastScannerProfiles::CreateService`, `DastScannerProfiles::UpdateService`, and `DastScannerProfiles::DestroyService` using the parameters defined in the [Proposal](#proposal)
- [ ] Use `AuditEventService` to log uses of `DastSiteProfiles::CreateService`, `DastSiteProfiles::UpdateService`, and `DastSiteProfiles::DestroyService` using the parameters defined in the [Proposal](#proposal)
- [ ] Use `AuditEventService` to log uses of `Dast::Profiles::CreateService`, `Dast::Profiles::UpdateService`, and `Dast::Profiles::DestroyService` using the parameters defined in the [Proposal](#proposal)
- [ ] Update the documentation as mentioned in [Documentation](#documentation)
- [ ] ~Stretch create one audit event for each field changed on the object, and specify the details using `AuditEventService#for_changes` so that users can see exactly what changed
- [x] ~Stretch ~"technical debt" if possible, move the changed DAST services into the `AppSec::Dast` namespace
issue