Add dependency scanning template

Nick Sellen requested to merge add-dependency-analyzer into master

What does this MR do?

I clicked on the menu item on GitLab Security & Compliance > Dependency List and it wasn't set up.

Apparently it's as simple as adding these two lines, see docs at https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#configuration.

This should give us a nice list showing if we have any vulnerable versions of things. I guess it would only work for the composer deps (and I didn't see any options for including some nodejs paths... but maybe that can come later...).

How confident are you it won't break things if deployed?

I didn't even know about these include templates, and I can half imagine something doesn't quite work, but with this kind of change I think we just need to do it and see what happens. It might only really do anything on master branch too.

Links to related issues

Checklist

  • added a test, or explain why one is not needed/possible... not testable
  • no unrelated changes
  • asked someone for a code review
  • joined #foodsharing-beta channel at https://slackin.yunity.org
  • added an entry to CHANGELOG.md (description, merge request link, username(s))
  • Once your MR has been merged, you are responsible for updating the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings.
Edited by Nick Sellen