BE: Support new Attribute filtering options

Why are we doing this work

Filtering by "attribute". An expected scenario for these filters would be to create a policy that requires approvals from the Security team only when a fix is available and when the vulnerability is not a false positive. Users will be able to use an "Is" or "Is Not" operator when defining attributes.

Fix Available: Whether or not a fix is available for the vulnerability (only applies to Container and Dependency Scanning)
False Positive: Whether or not the vulnerability has been identified as a false positive

This issue focusses on updating backend to support the attribute filter

Relevant links

Epic: &6826 (closed)
Design:

Non-functional requirements

Documentation: Update scan_finding rule type to include vulnerability_attribute attribute
Feature flag:
Performance:
Testing:

Implementation plan

Update security_orchestration_policy.json JSON schema to add definition for vulnerability_attribute attribute
Add column for vulnerability_attribute in scan_result_policies table
Update Security::SecurityOrchestrationPolicies::ProcessScanResultPolicyService to persist vulnerability_attribute in ScanResultPolicyRead
Update Security::ScanResultPolicies::UpdateApprovalsService to filter security_findings by false_positive and fix_available along with the logical condition

Verification steps

Edited Apr 19, 2023 by Sashi Kumar Kumaresan