    Enforce feedback pipeline is in the same project · c5b8f817
    Daniel Paul Searles authored
    Why:
    
    * By allowing pipelines in other projects to be associated it will
      expose details about pipelines that may be private to prying eyes.
    
    This change addresses the need by:
    
    * Add model test case: nonexistent pipeline
    * Add model test case: pipeline in different project
    * Add model test case: null pipeline id
    * Add model test case: valid pipeline id in the same project
    * Add model test case: only_valid_feedback scope
    * Add vulnerability_feedback controller test: index with feedback
      associated with a pipeline in another project in the db
    * Add vulnerability_feedback controller test: create with nonexistent
      pipeline
    * Add vulnerability_feedback controller test: create with pipeline in
      different project
    * Add vulnerability_feedback controller test: create with null pipeline
      id
    * Add model validation for pipeline to exist when pipeline_id is present
    * Add model validation for same_project_association on pipeline
    * Add model scope only_valid_feedback
    * Update feedback controller index to use only_valid_feedback scope
    * Loosened schema for vulnerability_feedback controller response as
      pipeline wasn't required as of yet.
security-vuln-feedback-pipeline.yml 112 Bytes
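
The two-sided check the commit message describes (validate on create, filter on index), as an added plain-Ruby example that is not code from this commit or from the project. Every name except `only_valid_feedback` is hypothetical, the data is constructed, and the assumption that the scope filters out rows stored before the validation existed is inferred from the listed index test.

```ruby
# Added illustration in plain Ruby (no Rails). Class and method names other
# than only_valid_feedback are hypothetical; all records are constructed.
Pipeline = Struct.new(:id, :project_id)
Feedback = Struct.new(:id, :project_id, :pipeline_id)

class FeedbackStore
  def initialize(pipelines)
    @pipelines = pipelines.to_h { |p| [p.id, p] }
    @rows = []
  end

  # Returns a list of validation errors; an empty list means acceptable.
  def errors_for(feedback)
    return [] if feedback.pipeline_id.nil? # a null pipeline id is allowed
    pipeline = @pipelines[feedback.pipeline_id]
    return ["pipeline does not exist"] if pipeline.nil?
    if pipeline.project_id != feedback.project_id
      return ["pipeline must be in the same project"]
    end
    []
  end

  # Write path: refuse to store feedback that fails validation.
  def create(feedback)
    errs = errors_for(feedback)
    @rows << feedback if errs.empty?
    errs
  end

  # Simulates a row written before the validation existed.
  def insert_legacy(feedback)
    @rows << feedback
  end

  # Read path: the same rule applied as a filter, so a stored row that
  # points at another project's pipeline is never returned.
  def only_valid_feedback(project_id)
    @rows.select { |f| f.project_id == project_id && errors_for(f).empty? }
  end
end

# Constructed data: pipeline 10 is in project 1, pipeline 20 in project 2.
def demo_store
  store = FeedbackStore.new([Pipeline.new(10, 1), Pipeline.new(20, 2)])
  store.insert_legacy(Feedback.new(1, 1, 20)) # cross-project row already stored
  store
end
```

Validation alone only guards new writes; the read-side filter is what keeps an already-stored cross-project row out of the index response.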