
Rename Vulnerabilities to Findings in Groups security routes

What does this MR do?

This MR adds to the step Rename existing Vulnerabilities API to Vulnerability Findings API of First-class vulnerabilities backend MVC implementation for the Groups routes that power the Group Security Dashboard.

This change reflects a major shift in what will now be called Vulnerabilities. Previously, the routes and API endpoints used the term vulnerabilities when what they actually manipulated was Vulnerability::Occurrence records. The assumed relationship was 1-1, so the Occurrences were the Vulnerabilities. The First-class Vulnerabilities feature introduces a new separate entity, Vulnerability, as an epic-like object which groups separate Occurrences of it. The Occurrences get a new name, Findings, and the relationship between a Vulnerability and its Findings is 1-*. See more on terminology here.

That is why we're changing our APIs (both external and internal) to use the vulnerabilities term only when they really work with Vulnerabilities; otherwise, we rename them to use the vulnerability_findings term. But because this change has to be covered by a feature flag, we have to support both APIs and toggle the behavior inside of them.

Both old and new routes will be present in the routes table, since it is generated upon app initialization and gets preloaded by the webserver. Routing is therefore difficult to change at runtime when the feature flag is switched, so we manipulate the routing at the controller level instead. This is similar to how it is implemented for the Vulnerability Findings REST API.
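As an added illustration of the controller-level toggle described above (this is not code from this MR or from GitLab), the following stand-alone Ruby simulation keeps both the legacy and the renamed path in a routes table that is fixed at boot, and lets the controller consult the feature flag on each request to decide which of the two is live. The flag name `first_class_vulnerabilities`, the class names, the paths, and the choice to answer 404 on whichever route is not live are all constructed assumptions for the example.

```ruby
# Added example, not code from this MR or from GitLab: simulates toggling
# between two registered routes inside the controller rather than in the
# router. Flag name, class names, paths and sample data are constructed.

require 'set'

# Constructed stand-in for a feature-flag store.
class FeatureFlags
  def initialize(enabled = [])
    @enabled = Set.new(enabled)
  end

  def enabled?(name)
    @enabled.include?(name)
  end
end

# Static routes table: both paths are always registered, regardless of the
# flag, mirroring a routes table that is built once at app initialization.
ROUTES = [
  [%r{\A/groups/[^/]+/security/vulnerabilities\z},        :legacy],
  [%r{\A/groups/[^/]+/security/vulnerability_findings\z}, :findings],
].freeze

class GroupSecurityController
  Response = Struct.new(:status, :body)
  FLAG = :first_class_vulnerabilities # hypothetical flag name

  def initialize(flags, findings)
    @flags = flags
    @findings = findings # constructed sample data the action would render
  end

  # Resolves the path against the static table, then lets the controller,
  # not the router, decide which of the two routes is live for this request.
  def dispatch(path)
    _, route = ROUTES.find { |pattern, _| pattern.match?(path) }
    return Response.new(404, nil) if route.nil?

    live = @flags.enabled?(FLAG) ? :findings : :legacy
    # The route that is not live behaves as if it were absent, so a stale
    # client cannot keep using the retired name once the flag flips.
    return Response.new(404, nil) unless route == live

    Response.new(200, @findings)
  end
end

# Stand-alone demonstration with constructed data.
if __FILE__ == $PROGRAM_NAME
  sample = [{ id: 1, name: 'Sample finding (constructed)' }]
  path_old = '/groups/42/security/vulnerabilities'
  path_new = '/groups/42/security/vulnerability_findings'

  off = GroupSecurityController.new(FeatureFlags.new, sample)
  on  = GroupSecurityController.new(FeatureFlags.new([GroupSecurityController::FLAG]), sample)

  puts "flag off: #{path_old} -> #{off.dispatch(path_old).status}, #{path_new} -> #{off.dispatch(path_new).status}"
  puts "flag on:  #{path_old} -> #{on.dispatch(path_old).status}, #{path_new} -> #{on.dispatch(path_new).status}"
end
```

Because the router sees both paths at all times, any authorization the real controller applies must cover both actions identically; the only thing the flag should change is which name is served, not who may read the findings.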

Does this MR meet the acceptance criteria?

Conformity

Performance and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Victor Zagorodny
