
Add support for new vulnerability status filtering

What does this MR do and why?

To support the frontend effort for #396985 (closed), we need to update our backend to support new filtering options for the Status field. With this new option, we can require approvals when new vulnerabilities are found with Dismissed or Needs Triage status.

Checklist

New query

SELECT
    "vulnerability_reads"."uuid"
FROM
    "vulnerability_reads"
WHERE
    "vulnerability_reads"."state" = 2
    AND "vulnerability_reads"."uuid" IN (
        SELECT
            "security_findings"."uuid"
        FROM
            "security_findings"
        WHERE
            "security_findings"."scan_id" IN (
                SELECT
                    "security_scans"."id"
                FROM
                    "security_scans"
                WHERE
                    "security_scans"."pipeline_id" = 845080680))

https://postgres.ai/console/gitlab/gitlab-production-tunnel-pg12/sessions/17981/commands/59796

This MR is related to issue #397057 (closed)

Screenshots or screen recordings

New statuses available in YAML mode

(Screenshot, 2023-04-12: the new statuses shown in the policy editor's YAML mode)

How to set up and validate locally

Steps

  1. Create a new project
  2. Go to /-/security/policies.
  3. Click on New policy.
  4. Select Scan result policy.
  5. Change to YAML mode and copy one of the YAML policies below.
  6. Click on Configure with a merge request.
  7. Merge the new MR.
  8. Verify that you can create and merge policies with the new vulnerability_states.

Scenario 1 - new_needs_triage

type: scan_result_policy
name: Test new_needs_triage
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
      - high
      - medium
      - low
      - unknown
      - info
    vulnerability_states:
      - new_needs_triage
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
      - 1

Scenario 2 - new_dismissed

type: scan_result_policy
name: Test new_dismissed
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
      - high
      - medium
      - low
      - unknown
      - info
    vulnerability_states:
      - new_dismissed
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
      - 1

Scenario 3 - new_dismissed and new_needs_triage

type: scan_result_policy
name: Test new_dismissed and new_needs_triage
description: ''
enabled: true
rules:
  - type: scan_finding
    branches: []
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
      - high
      - medium
      - low
      - unknown
      - info
    vulnerability_states:
      - new_dismissed
      - new_needs_triage
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers_ids:
      - 1
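Added illustration, not GitLab's implementation: a small Ruby model of how a scan_result_policy rule using the new vulnerability_states values can be evaluated for one pipeline, following the same pipeline -> security_scans -> security_findings -> vulnerability_reads lookup as the query above. The state codes (needs triage = 1, dismissed = 2) and all ids, uuids and row data are assumptions constructed for the example; only `state = 2` appears on this page.

```ruby
# Assumed vulnerability_reads.state codes: detected ("needs triage") = 1, dismissed = 2.
VULNERABILITY_STATE_CODES = { detected: 1, dismissed: 2 }.freeze

# The "new_*" states only match vulnerabilities found by the current pipeline's scans.
NEW_STATE_CODES = {
  'new_needs_triage' => VULNERABILITY_STATE_CODES[:detected],
  'new_dismissed'    => VULNERABILITY_STATE_CODES[:dismissed]
}.freeze

# Constructed sample rows standing in for security_scans, security_findings and
# vulnerability_reads (hypothetical ids and uuids, not production data).
SCANS    = [{ id: 10, pipeline_id: 42 }, { id: 11, pipeline_id: 7 }].freeze
FINDINGS = [{ uuid: 'uuid-a', scan_id: 10 }, { uuid: 'uuid-b', scan_id: 10 },
            { uuid: 'uuid-c', scan_id: 11 }].freeze
READS    = [{ uuid: 'uuid-a', state: 2, severity: 'high' },
            { uuid: 'uuid-b', state: 1, severity: 'low' },
            { uuid: 'uuid-c', state: 2, severity: 'critical' },  # belongs to pipeline 7
            { uuid: 'uuid-d', state: 2, severity: 'high' }].freeze # not found by any scan

# Same three-level lookup as the SQL: pipeline -> scan ids -> finding uuids -> reads,
# then filtered by the requested states and severities.
def new_vulnerability_uuids(pipeline_id, states, severities,
                            scans: SCANS, findings: FINDINGS, reads: READS)
  codes = states.map { |s| NEW_STATE_CODES.fetch(s) } # unknown state value raises KeyError
  scan_ids = scans.select { |s| s[:pipeline_id] == pipeline_id }.map { |s| s[:id] }
  uuids = findings.select { |f| scan_ids.include?(f[:scan_id]) }.map { |f| f[:uuid] }
  reads.select do |r|
    codes.include?(r[:state]) && uuids.include?(r[:uuid]) && severities.include?(r[:severity])
  end.map { |r| r[:uuid] }
end

# A rule requires approval when the matches exceed vulnerabilities_allowed.
def approval_required?(rule, pipeline_id)
  matches = new_vulnerability_uuids(pipeline_id, rule[:vulnerability_states], rule[:severity_levels])
  matches.size > rule[:vulnerabilities_allowed]
end
```

Feeding the Scenario 3 rule (`vulnerabilities_allowed: 0`, both new states, all severities) to `approval_required?` for pipeline 42 returns true because uuid-a (dismissed) and uuid-b (needs triage) were both found by that pipeline's scan.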

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcos Rocha
