Fix broken vulnerability ID in remediations

What does this MR do?

Fix broken vulnerability ID in remediations.

• remediateReport now takes the report.Report along with the affected files returned by the scanner.
• It uses the report to find vulnerabilities that match affections that have been cured, and get their ID. This is implemented in a local function named vulnID().
• Remediations are directly added to the report, instead of being returned.

What are the relevant issue numbers?

Gemnasium analyzer generates different id for r... (gitlab-org/gitlab#430922 - closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer