[Updater] Extract UpdateVulnerableVersion as an Operation class

[brrygrdn]

Follows on from #6866, #6884, #6939

This branch peels out the Updater code required to accept a job which is generating a new Dependabot PR for a security update using the typical approach of:

• Extract the entire code path required from the Updater
• Remove any code related to non-concerns for this operation type, in this case version updates and rebases
• Wire it into the Updater to be used for a specific job type, verifying current testing passes

Notes

The one significant deviation from the previous PRs is that this does make test changes. In order to pass the existing tests, some setups need to be completed by ensuring there is a value for job.dependencies.

In real-world conditions, we would never start a Security Update job without at least one, and normally only one, specific target dependency to fix.

This should not realistically result in a change of behaviour, it is essentially removing an unsupported "working by accident" codepath where the Dependency files contain exactly the insecure dependency to be fixed.

[brrygrdn]

Before merging this, there is some cleanup work I'd like to push forward on the existing three Operation classes to avoid continuing the heavy duplicate since Security Updates have so many more helper methods.

I've created this as a reference to make sure my cleanup aligns with the "next" step in the refactor without breaking the tests.

[brrygrdn]

This PR shouldn't merge until the smoke tests have been updated: dependabot/smoke-tests#51

Currently, the security update smoke test goes into the legacy_run codeline by accident.

[deivid-rodriguez]

First time I review these refactorings and I love them!

[deivid-rodriguez]

We should be able to fully move this method to UpdateChecker after #5902 and not keep it duplicated for all operations.

[brrygrdn]

This is great news, that method has been a thorn in our side on this work!