Add AND operator and enhance vulnerability handling in policy evaluations

[arjavdongaonkar]

Description

The policy evaluation logic for ALL operator was aggregating condition matches at the component level, which allowed different vulnerabilities to satisfy different policy conditions. This resulted in false-positive policy violations because the system treated a policy as satisfied even when no single vulnerability matched all required conditions.

A new operator ("AND") is introduced to evaluate ALL conditions per vulnerability in AND way.
Each vulnerability is now checked independently, and a policy violation is created only when:

The same vulnerability triggers every policy condition defined in the policy.

During this change, PolicyViolation was extended to include a reference to the associated vulnerability.

Addressed Issue

#5490

Checklist

• I have read and understand the contributing guidelines
• This PR fixes a defect, and I have provided tests to verify that the fix is effective
• This PR implements an enhancement, and I have provided tests to verify that it works as intended
• This PR introduces changes to the database model, and I have added corresponding update logic
• This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

[owasp-dt-bot]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.