Change `Vulnerability*Finder` interaction with archived projects

In [issue 213144][0] we defined new default expected behavior. We want
the default behavior for all finders to be:

Do not include vulnerability` or `vulnerability_read` objects in the
result-set if the project they are associated with is currently
`archived`

At the same time we want to, in a followup commit, provide API access
to toggle on/off the inclusion of `archived` objects

While implementing this behavior the following behavior was
encountered:

1. `vulnerability_read` vs `vulnerability` differences

    The [existing behavior][1] of `Group.vulnerabilities` is to ignore
    vulnerabilities associated with archived projects.

    The [existing behavior][2] of `Group.vulnerability_reads` does not
    necessarily account for the archived status of associated
    projects

    This commit unifies both to ignoring archive status, leaving that
    to be done in filters for the finders.

[0]:https://gitlab.com/gitlab-org/gitlab/-/issues/213144
[1]:https://gitlab.com/gitlab-org/gitlab/-/blob/45e01fad9dffb4c447bf701e040d552077f60dac/ee/app/models/ee/group.rb#L555-557
[2]:https://gitlab.com/gitlab-org/gitlab/-/blob/45e01fad9dffb4c447bf701e040d552077f60dac/ee/app/models/ee/group.rb#L559-561

Changelog: fixed
EE: true