Project security dashboards were displaying no vulnerabilities for
public projects, even when the latest pipeline reported
vulnerabilities.

The issue was our Namespace#store_security_reports_available? method,
which had no knowledge of the project or whether it was public, and
only checked for availability based on the instance's license.

I've added Project#can_store_security_reports?, which calls into
Namespace to check for license availability and _also_ checks
whether the project is public. Now public projects can get the
security scanning they've been wanting!

https://gitlab.com/gitlab-org/gitlab/issues/13422