As far as I can tell, there isn't any reason to keep it around.
Removing it opens the path to creating endpoints for first class
vulnerabilities.

* Delete Groups::Security::VulnerabilitiesController
* Remove feature flag logic from
    Groups::Security::VulnerabilityFindingsController
* Remove feature flag logic from GroupsHelper
* Remove legacy routes
* Remove specs for legacy controller and feature flag logic