Don't count fixed vulnerabilities

What does this MR do?

This MR updates the vulnerabilitySeveritiesCount field on ProjectType to only count vulnerabilities that haven't been fixed or dismissed.

#207442 (closed)

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.