feat(metrics): audited/unaudited by policy violation state

[setchy]

Description

Add support for audited/unaudited policy violation metrics by state (fail, warn, info)

Addressed Issue

Closes #3612

Additional Details

Checklist

• I have read and understand the contributing guidelines
• This PR fixes a defect, and I have provided tests to verify that the fix is effective
• This PR implements an enhancement, and I have provided tests to verify that it works as intended
• This PR introduces changes to the database model, and I have added corresponding update logic
• This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.54% (target: -1.00%)	✅ 98.90% (target: 70.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (c15560b)	21606	16001	74.06%
Head commit (145056a)	21868 (+262)	16313 (+312)	74.60% (+0.54%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#3615)	182	180	98.90%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

_{You may notice some variations in coverage metrics with the latest Coverage engine update. For more details, visit the documentation}

[setchy]

@nscuro - would love to target 4.12.x milestone for this

[setchy]

@nscuro - any feedback you or the team have re: this enhancement?

[nscuro]

@setchy I'll have a look and provide feedback by EOW.

[nscuro]

Good enhancement overall, just needs some clarification so we can avoid breaking changes.

[nscuro]

This is a breaking change in both the database schema (or rather the data is holds), as well as the REST API. I know it's not pretty, but we should keep using the policyViolationsFail field and column.

We can add a new policyViolationsFailTotal getter that just returns policyViolationsFail - that would make the new field available via REST API without breaking semantics of the old field, and it would not require a migration of existing data.

Alternatively, we need to migrate all data from POLICYVIOLATIONS_FAIL to POLICYVIOLATIONS_FAIL_TOTAL, drop the POLICYVIOLATIONS_FAIL column, and must ensure that policyViolationsFail and policyViolationsFailTotal return the same value in the REST API.

[nscuro]

I think this should check for BooleanUtils.isFalse(violation.suppressed) instead. Suppressed findings and violations are counted separately and are not included in *Audited metrics.