
Remove old occurrences when not found in subsequent scan for the same image.

Aditya Tiwari requested to merge 479137-deduplicate-occurrences-cs4r into master

What does this MR do and why?

Remove old occurrences when not found in subsequent scan for the same image.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Enable container scanning for registry and push an image to the registry with the `latest` tag.
  2. Go to the Rails console and check `project.sbom_occurrences`.
  3. Download the report and remove a component from the report.
  4. Use the following code:

     ```ruby
     # Most recent pipeline; the project is taken from it so the snippet runs stand-alone in the console
     pipeline = Ci::Pipeline.last
     project = pipeline.project

     # Edited CycloneDX report with one component removed
     path = "/Users/work/Downloads/test-1.cdx.json"
     parsed_data = JSON.parse(File.read(path))

     # Parse the report into an SBOM report object
     report = Gitlab::Ci::Reports::Sbom::Report.new
     Gitlab::Ci::Parsers::Sbom::Cyclonedx.new.parse!(parsed_data.to_json, report)

     # Ingest it with the container-scanning-for-registry strategy
     Sbom::Ingestion::ExecutionStrategy::ContainerScanningForRegistry.new([report], project, pipeline).execute
     ```

  5. Check that the occurrence of the removed component is eliminated; without this MR, it will still be present.

Query plan

  1. Explain

     ```
     EXPLAIN for: SELECT "sbom_occurrences".* FROM "sbom_occurrences" WHERE "sbom_occurrences"."project_id" = 65 AND "sbom_occurrences"."source_id" = 1 AND "sbom_occurrences"."id" != 1
                                                             QUERY PLAN
     ---------------------------------------------------------------------------------------------------------------------------
      Index Scan using idx_sbom_occurrences_on_project_id_and_source_id on sbom_occurrences  (cost=0.28..3.29 rows=2 width=255)
        Index Cond: ((project_id = 65) AND (source_id = 1))
        Filter: (id <> 1)
     (3 rows)
     ```

  2. https://console.postgres.ai/gitlab/gitlab-production-main/sessions/32949/commands/101556
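The pruning behaviour this MR describes, as an added plain-Ruby illustration that is not GitLab's code: occurrences for the same project and source (image) that the latest scan did not produce are removed, while sources the new scan did not cover are left alone. The `Occurrence` struct, `stale_occurrences`, and the sample rows are constructed here; the filter generalises the query plan's `id != 1` to `id NOT IN (kept ids)`.

```ruby
# Hypothetical stand-in for an sbom_occurrences row (not GitLab's model).
Occurrence = Struct.new(:id, :project_id, :source_id, :component, keyword_init: true)

# Constructed rows mimicking existing occurrences for project 65 (and one for project 66).
EXISTING = [
  Occurrence.new(id: 1, project_id: 65, source_id: 1, component: "openssl"),
  Occurrence.new(id: 2, project_id: 65, source_id: 1, component: "zlib"),
  Occurrence.new(id: 3, project_id: 65, source_id: 1, component: "curl"),
  Occurrence.new(id: 4, project_id: 65, source_id: 2, component: "busybox"),
  Occurrence.new(id: 5, project_id: 66, source_id: 1, component: "zlib"),
].freeze

# Returns the existing occurrences to delete. `kept_ids_by_source` maps each
# source the latest scan covered to the occurrence ids that scan wrote or
# re-used; a source absent from the map was not rescanned and is untouched.
def stale_occurrences(existing, project_id, kept_ids_by_source)
  kept_ids_by_source.flat_map do |source_id, kept_ids|
    # Mirrors: WHERE project_id = ? AND source_id = ? AND id NOT IN (kept_ids)
    existing.select do |occ|
      occ.project_id == project_id &&
        occ.source_id == source_id &&
        !kept_ids.include?(occ.id)
    end
  end
end

# Scenario from the validation steps: the re-uploaded report for the image
# (source 1) no longer lists "curl", so only ids 1 and 2 were matched.
def demo
  stale = stale_occurrences(EXISTING, 65, { 1 => [1, 2] })
  stale.map(&:id) # => [3]; source 2 and project 66 are not touched
end
```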

Related to #479137

Edited by Aditya Tiwari
