Instrument CI-based security scan

Based on the discussion here, we've decided to start creating the new SLI based on secure CI scans.

We can start emitting metrics on whether a scan succeeded, derived from the report's status. Per this discussion, we could use an application SLI that tracks only the error rate.

Note that currently scan reports always have `"status": "success"`, because crashed scan jobs don't produce any report at all. This will be resolved in gitlab-org/gitlab#241342. Once reports are also generated when a job fails, the metric will automatically emit an error in that case too.
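As an added illustration (not code from this issue or from GitLab itself), the following Ruby sketch shows the classification such an SLI needs, including the missing-report case from the note above. The `scan.status` location of the field and the sample reports are assumptions, not taken from this page.

```ruby
require 'json'

# Classify scan jobs into SLI outcomes. A job with no report at all (for
# example a crashed scan job) must not be counted as a success, so it is
# recorded as :missing and treated as an error when aggregating.
module ScanSli
  SUCCESS = :success
  ERROR   = :error
  MISSING = :missing

  # `report_json` is the raw JSON string of the security report artifact,
  # or nil when the job produced no report. Assumes the status lives at
  # `scan.status` in the report (assumption, not confirmed by the issue).
  def self.classify(report_json)
    return MISSING if report_json.nil? || report_json.strip.empty?

    parsed = JSON.parse(report_json)
    status = parsed.is_a?(Hash) ? parsed.dig('scan', 'status') : nil
    status == 'success' ? SUCCESS : ERROR
  rescue JSON::ParserError
    ERROR
  end

  # Aggregate classifications into SLI counters. Missing reports count as
  # errors; otherwise crashed jobs silently inflate the success rate.
  def self.aggregate(results)
    total  = results.size
    errors = results.count { |r| r != SUCCESS }
    { total: total, success: total - errors, error: errors,
      error_rate: total.zero? ? 0.0 : errors.to_f / total }
  end
end

# Constructed sample reports (not real GitLab artifacts).
SAMPLE_REPORTS = [
  '{"version":"14.0.0","scan":{"status":"success"}}',
  '{"version":"14.0.0","scan":{"status":"failure"}}',
  nil,        # crashed job: no report artifact produced
  'not json'  # truncated or corrupted artifact
].freeze

if $PROGRAM_NAME == __FILE__
  results = SAMPLE_REPORTS.map { |r| ScanSli.classify(r) }
  puts ScanSli.aggregate(results).inspect
end
```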

Edited by Marco Gregorius