Add the custom SAST rules automation to the `gitlab-org/gitlab-qa` project
Related to https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/issues/32 and required to make it effective.
This will be the first time we use this outside of gitlab-org/gitlab
. It's a good time to explore CI/CD components to avoid duplication of config files https://docs.gitlab.com/ee/ci/components/