Store SAST scan results into the database
Problem to solve
Data from SAST reports should be in the database, and consumers should use that backend instead of the raw JSON report.
This is required in order to present SAST results in a group-level Security Dashboard. See https://gitlab.com/gitlab-org/gitlab-ee/issues/6709 and https://gitlab.com/gitlab-org/gitlab-ee/issues/6240
Also, it could be use to improve the performance of the existing Security Dashboard. See https://gitlab.com/gitlab-org/gitlab-ee/issues/6165
Further details
If consumers need to elaborate or aggregate data from many reports (e.g., group level features) it is not possible to use artifacts for that without heavily affecting performances.
Proposal
Save SAST reports in the database when they are collected from the Runner. Make this information available to the frontend via backend calls.
For the first iteration, it will not replace the artifact access. We can decouple this change and update the frontend independently.