Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

Related issues

Developer checklist

• On "Related issues" section, write down the [Cloud Native Images Security] issue it belongs to (i.e. Related to <issue_id>).
• MR targets master, or X-Y-stable for backports.
• Milestone is set for the version this merge request applies to. A closed milestone can be assigned via quick actions.
• Title of this MR is the same as for all backports.
• A CHANGELOG entry has been included, with Changelog trailer set to security.
• Assign to a reviewer and maintainer, per our Code Review process.
• For the MR targeting master, ensure it's approved according to our Approval Guidelines
• Merge request must not close the corresponding security issue, unless it targets master.

Reviewer checklist

• Correct milestone is applied and the title is matching across all backports
• Assigned to @gitlab-release-tools-bot with passing CI pipelines