
Re-enable SAST scanning

Greg Myers requested to merge enable-sast-scanning into main

What does this MR do?

Enables SAST scanning on the gitlab-org/gitlab-runner project.

Why was this MR needed?

Static Application Security Testing does not run for the gitlab-org/gitlab-runner project because SAST_DISABLED: "true" is set as a global CI variable: https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/.gitlab/ci/_common.gitlab-ci.yml?ref_type=heads#L27

As a result of SAST scans not running, we are no longer detecting and flagging potential new vulnerabilities in MRs, pipeline security tabs, or the vulnerability dashboard. This also blocks our ability to configure merge request approval policies that would benefit from additional security review for any newly detected and newly introduced potential vulnerabilities.

As AppSec is expected to review, validate, and triage vulnerabilities, the lack of insight into SAST vulnerabilities is impacting our ability to perform this job duty.

What's the best way to test this MR?

  • Verify that -sast jobs, specifically the semgrep-sast job, are not currently being triggered in any recent CI pipelines.
  • Trigger a pipeline with the SAST_DISABLED: "true" line removed, then verify that SAST jobs are running and detected vulnerabilities are being flagged, as expected.
Edited by Greg Myers
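One way to automate the two checks in the test plan, as an added example that is not part of the MR or the gitlab-runner project: one function flags a `SAST_DISABLED` line that disables scanning in a CI config (matching "true" or "1", quoted or not), and another looks for `-sast` job names in a pipeline job listing. The config excerpts and the job listing are constructed for the example (the listing is shaped like the GitLab API's pipeline jobs response, with only `name` and `status` used); they are not the real contents of `_common.gitlab-ci.yml` or of any real pipeline. The config check is line-based on purpose so it has no YAML dependency, which assumes one variable per line, as in a normal `variables:` block.

```python
import json
import re

# Constructed excerpt modelled on the situation the MR describes: a global
# `variables:` block that sets SAST_DISABLED: "true". Not the project's real file.
CI_BEFORE = """\
variables:
  GOPATH: /go
  SAST_DISABLED: "true"
"""

# The same block with the offending line removed, which is what the MR does.
CI_AFTER = """\
variables:
  GOPATH: /go
"""

# A line that sets SAST_DISABLED to true/1, with or without quotes.
# Assumption: one variable per line (line-based check, no YAML parser).
_SAST_DISABLED_RE = re.compile(
    r'^\s*SAST_DISABLED:\s*["\']?(true|1)["\']?\s*$', re.IGNORECASE
)


def sast_disabled_lines(ci_yaml: str) -> list[int]:
    """1-based line numbers in ci_yaml that disable SAST."""
    return [
        i for i, line in enumerate(ci_yaml.splitlines(), start=1)
        if _SAST_DISABLED_RE.match(line)
    ]


# Constructed job listings shaped like the GitLab API's pipeline jobs response
# (GET /projects/:id/pipelines/:pipeline_id/jobs); only "name" and "status"
# are used here. BEFORE has no SAST jobs, AFTER has the semgrep-sast job.
JOBS_BEFORE = json.dumps([
    {"name": "lint", "status": "success"},
    {"name": "unit test", "status": "success"},
])
JOBS_AFTER = json.dumps([
    {"name": "lint", "status": "success"},
    {"name": "unit test", "status": "success"},
    {"name": "semgrep-sast", "status": "success"},
])


def sast_jobs(jobs_json: str) -> list[str]:
    """Names of jobs the test plan looks for: anything ending in '-sast'."""
    jobs = json.loads(jobs_json)
    return sorted(j["name"] for j in jobs if j["name"].endswith("-sast"))


def sast_is_running(ci_yaml: str, jobs_json: str) -> bool:
    """Verdict for the MR's test plan: the config no longer disables SAST
    and at least one -sast job actually appeared in the pipeline."""
    return not sast_disabled_lines(ci_yaml) and bool(sast_jobs(jobs_json))


if __name__ == "__main__":
    # Expected: before -> [3] [] False ; after -> [] ['semgrep-sast'] True
    print("before:", sast_disabled_lines(CI_BEFORE), sast_jobs(JOBS_BEFORE),
          sast_is_running(CI_BEFORE, JOBS_BEFORE))
    print("after: ", sast_disabled_lines(CI_AFTER), sast_jobs(JOBS_AFTER),
          sast_is_running(CI_AFTER, JOBS_AFTER))
```

Against a real project, `JOBS_*` would be replaced by the jobs response for a recent pipeline and `CI_*` by the contents of the file the MR links to; the verdict is only "passing" when both the config no longer sets the variable and a `-sast` job (such as `semgrep-sast`) shows up in the pipeline.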
