Part of the [Instance Security Dashboard MVC][1].

This improves the integration between the existing frontend parts of the
Instance Security Dashboard and gets it closer the the target UX.

In particular:

- The `ProjectManager` component is now included in the root component.
- The security dashboard store's mediator is now aware of a `lazy` flag
  for some mutations, allowing updates to filters *without* triggering
  an immediate re-fetch of vulnerabilities. This is to avoid expensive
  requests from firing when they're unnecessary.
- A new security dashboard store plugin registers the
  `projectSelector` store module, and sets up a mutation subscription to
  sync the dashboard's project filter dropdown with whatever projects
  have been chosen by the user in the `ProjectManager`.
- The correct module name (`projectSelector`) is bound in the root
  component.
- The `filters/setFilterOptions` action now updates the given filter's
  selection if the new set of options would otherwise result in an invalid
  selection. A nice side-effect of this is that for security dashboards
  with a router, if the user navigates to a URL with an invalid
  `project_id` in the URL, the project filter gets reset to 'All'.
  Previously, the dropdown would just render in an inconsistent state.
- A race condition was fixed, which caused invalid projects' names not
  to be displayed in the flash after attempting to add them with the
  `ProjectManager`.
- The "Add projects" button is now disabled when already adding projects
  (to prevent concurrent requests).
- The project list's loading spinner was moved/re-styled to avoid the
  list jumping around.
- Various derived state was refactored into store getters, e.g.,
  `isUpdatingProjects`.
- Various unused imported components were removed.
- The initial loading spinner's padding was increased.
- Various styling tweaks to conform better with design specifications.

[1]: https://gitlab.com/gitlab-org/gitlab/issues/6953