Fix security report widget for forks

Merge requests from forks run the pipeline in the context of the source
project (i.e., the fork), rather than the target project. This change
makes sure that the correct project is used to get the pipeline jobs
information.

This change also works for same-project merge requests, since in that
case the source project _is_ the target project.

app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue

@@ -464,7 +464,7 @@ export default {
       <security-reports-app
         v-if="shouldRenderSecurityReport"
         :pipeline-id="mr.pipeline.id"
-        :project-id="mr.targetProjectId"
+        :project-id="mr.sourceProjectId"
         :security-reports-docs-path="mr.securityReportsDocsPath"
       />
 

changelogs/unreleased/272983-fix-security-mr-widget-forks.yml

+---
+title: Fix getting security report information on merge requests from forks
+merge_request: 49354
+author:
+type: fixed

ee/app/assets/javascripts/vue_merge_request_widget/mr_widget_options.vue

@@ -311,7 +311,7 @@ export default {
       <security-reports-app
         v-if="shouldRenderBaseSecurityReport"
         :pipeline-id="mr.pipeline.id"
-        :project-id="mr.targetProjectId"
+        :project-id="mr.sourceProjectId"
         :security-reports-docs-path="mr.securityReportsDocsPath"
         :sast-comparison-path="mr.sastComparisonPath"
         :secret-scanning-comparison-path="mr.secretScanningComparisonPath"