Backfill default security_project_ref_id to tables that now include it

Various tables will be updated to now included foreign key relationships to a security_project_ref_id to represent their relationship to a tracked branch/tag in the project.

In the process of the initial implementation, we need to have begun tracking this information, configured it to be filled in through normal operation and then backfilled all projects with a default record for this relationship. Once all that work is done, all the tables that will relate to it will have a load of existing records which will need to be updated to relate to the newly backfilled default branch records.

Only then can we begin enforcing this relationship in a followup issue.

present_on_default_branch: false

Similar to this proposal, when we permit the creation of vulnerabilities on non default branches, we facilitate this by creating a vulnerability with present_on_default_branch: false to create the necessary relationships.

This is fine, however this means that when we backfill the tracked_contexts to vulnerabilities, we need to be careful not to relate these branches to the default branch if we can help it. We may be able to recover this original branch context from the ci_pipeline associated with the vulnerability.

Unfortunately it may be the case that the ci_pipeline information for some of these records has already been lost, in which case the only option would be to relate the vulnerabilities to an "unknown" context type.