Refactor Security::PipelineVulnerabilitiesFinder to return a relation instead of an array

Summary

In line with the deprecation of Kaminari.paginate_array in favor of Kaminari.paginate, the dependent API::VulnerabilityFindings::vulnerability_occurrences_by has to be changed to return an ActiveRecord::Relation.

This cannot be achieved without refactoring the Security::PipelineVulnerabilitiesFinder to return an ActiveRecord::Relation as well. Also, the rest of the Security::PipelineVulnerabilitiesFinder usages need to be checked to ensure they continue working as expected after the finder's return value changes.

Improvements

Benefits of this refactoring are expressed in the Kaminari.paginate_array deprecation issue.

Risks

Current usages of Security::PipelineVulnerabilitiesFinder that may break if not properly wired up to its new return value:

  • Ci::CompareContainerScanningReportsService
  • Ci::CompareDependencyScanningReportsService
  • Ci::CompareSastReportsService
  • API::VulnerabilityFindings

Involved components

  • ee/app/finders/security/pipeline_vulnerabilities_finder.rb
  • ee/app/services/ci/compare_container_scanning_reports_service.rb
  • ee/app/services/ci/compare_dependency_scanning_reports_service.rb
  • ee/app/services/ci/compare_sast_reports_service.rb
  • ee/lib/api/vulnerability_findings.rb
Edited by Lucas Charles