
Add Dismiss Vulnerability API call to Vulnerabilities API

Victor Zagorodny requested to merge 10242-dismiss-vulnerability into master

What does this MR do?

This MR adds a Dismiss Vulnerability API call to the new Vulnerabilities API which is one of the backstage changes required to implement the First-class Vulnerabilities MVC functionality. This is a huge feature with lots of new and changed terminology behind it, so here's a brief overview:

  • a Vulnerability is an epic-like object (could become Issuable in future) to accumulate the full information about a unique vulnerability detected in a project: identifier (e.g. CVE-2019-1234567), severity, etc.
  • it can have many places where it was detected in the project's source code
  • such places are called Findings (previously they were called Occurrences, and the DB table behind them is still called vulnerability_occurrences; this will be renamed later)
  • a dismissal of a Vulnerability (transition from opened to closed state) leads to the cascade dismissal of all of its associated (has_many) Findings
  • a dismissal of a Finding is the creation of Vulnerabilities::Feedback record; Finding and Vulnerabilities::Feedback are matched by equal values of the project_fingerprint column in both tables
  • sidenote: making a Vulnerability resolved also moves it from opened to closed state but it does not create any Vulnerabilities::Feedback records for the associated Findings; this helps to distinguish between dismissed and resolved Findings

More on terminology behind First-class Vulnerabilities domain here.

This change is behind a feature flag defaulting to false, so:

  • The documentation is not included in this MR; it has been decided to do this later
  • When the feature flag is disabled, the endpoint responds with 404 Not Found
  • There's no changelog entry for this MR
  • There's an issue for removal of the feature flag

Does this MR meet the acceptance criteria?

Conformity

Performance and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Victor Zagorodny
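The dismissal semantics described in the overview above (cascade dismissal of a Vulnerability creating one Vulnerabilities::Feedback record per associated Finding, matched by project_fingerprint, versus resolution that closes the Vulnerability without creating any Feedback records, plus the 404 response while the feature flag is off) as an added, self-contained Ruby example; this is not GitLab's code, and the in-memory store, the Struct names and the dismiss_endpoint helper are assumptions made for illustration:

```ruby
# Constructed model of the MR's dismissal semantics; names mirror the MR's
# terminology, the in-memory store and method signatures are assumptions.
Finding  = Struct.new(:project_fingerprint, :location)
Feedback = Struct.new(:project_fingerprint, :category) # stands in for Vulnerabilities::Feedback

class Vulnerability
  attr_reader :identifier, :state, :findings

  def initialize(identifier, findings)
    @identifier = identifier
    @state = :opened
    @findings = findings
  end

  # Dismissal moves opened -> closed and cascades to every associated Finding,
  # creating one Feedback record per Finding keyed by its project_fingerprint.
  def dismiss!(feedback_store)
    return false unless @state == :opened
    @findings.each do |finding|
      feedback_store << Feedback.new(finding.project_fingerprint, :dismissal)
    end
    @state = :closed
    true
  end

  # Resolution also moves opened -> closed but writes no Feedback records,
  # which is what lets a closed Finding be told apart as resolved, not dismissed.
  def resolve!
    return false unless @state == :opened
    @state = :closed
    true
  end
end

# A Finding counts as dismissed iff some Feedback record shares its project_fingerprint.
def finding_dismissed?(finding, feedback_store)
  feedback_store.any? { |fb| fb.project_fingerprint == finding.project_fingerprint }
end

# Feature-flag gate (assumed helper): while the flag is off the call answers 404.
def dismiss_endpoint(vulnerability, feedback_store, feature_enabled:)
  return [404, { message: "404 Not Found" }] unless feature_enabled
  vulnerability.dismiss!(feedback_store)
  [200, { id: vulnerability.identifier, state: vulnerability.state.to_s }]
end
```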
