Adds SyncSecurityReportsToReportApprovalRulesWorker responsible
for conditionally zero'ing out `approvals_required` when a report
contains no high-severity or critical-severity vulnerabilities