
feat: add remote security scanning

Jason Leasure requested to merge sast-ide_add-lsp into main

Description

This MR adds a feature that will allow users to scan their code for security vulnerabilities using a new feature in gitlab-lsp.

The following settings have been added:

  • gitlab.featureFlags.remoteSecurityScans - passed to the language server to enable/disable responding to textDocument/didSave notifications
  • gitlab.securityScans.serviceUrl - passed to the language server as the endpoint used (when the feature is enabled) to initiate a scan on save

The command gl.runSecurityScan has also been added, primarily for testing. It sends a textDocument/didSave notification for the current document, initiating a scan on demand.
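As an added example (not code from this MR or from gitlab-lsp), the following sketches the two pieces the settings above control: a gate that decides, from `gitlab.featureFlags.remoteSecurityScans` and `gitlab.securityScans.serviceUrl`, whether a save should reach the scanning service at all, and the framing of the `textDocument/didSave` notification the `gl.runSecurityScan` command sends. The `SecurityScanSettings` shape and the function names are assumptions; the setting names and the notification method are the ones the MR describes.

```typescript
// Added example: not the extension's own code. The settings interface is a
// hypothetical shape holding the two settings named in the MR description.
interface SecurityScanSettings {
  remoteSecurityScans: boolean; // gitlab.featureFlags.remoteSecurityScans
  serviceUrl?: string;          // gitlab.securityScans.serviceUrl
}

// Returns the scan endpoint for a save, or null when no scan must be started.
// Only http(s) URLs are accepted, so a mistyped setting cannot turn into a
// file:// or other unexpected target for the language server.
function scanEndpointForSave(settings: SecurityScanSettings): string | null {
  if (!settings.remoteSecurityScans || !settings.serviceUrl) return null;
  let url: URL;
  try { url = new URL(settings.serviceUrl); } catch { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.toString();
}

// JSON-RPC body of a textDocument/didSave notification. Notifications carry
// no "id" because the server is not expected to answer them.
function didSaveNotification(uri: string, text?: string): string {
  const params: { textDocument: { uri: string }; text?: string } = { textDocument: { uri } };
  if (text !== undefined) params.text = text;
  return JSON.stringify({ jsonrpc: '2.0', method: 'textDocument/didSave', params });
}

// LSP base-protocol framing: Content-Length counts UTF-8 bytes, not JS string
// length, so non-ASCII file contents need the byte count.
function frameLspMessage(body: string): string {
  const byteLength = new TextEncoder().encode(body).length;
  return `Content-Length: ${byteLength}\r\n\r\n${body}`;
}

// Parse one framed message, refusing it if the declared length does not match
// the body actually received.
function parseLspMessage(framed: string): { method: string; params: unknown } {
  const sep = framed.indexOf('\r\n\r\n');
  if (sep < 0) throw new Error('missing header terminator');
  const lengthMatch = /Content-Length:\s*(\d+)/i.exec(framed.slice(0, sep));
  if (!lengthMatch) throw new Error('missing Content-Length header');
  const body = framed.slice(sep + 4);
  if (new TextEncoder().encode(body).length !== Number(lengthMatch[1])) {
    throw new Error('Content-Length does not match body');
  }
  const msg = JSON.parse(body);
  return { method: msg.method, params: msg.params };
}
```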

Related Issues

For context

How has this been tested?

The only testing has been ad-hoc with a local instance of the scanning service.

  1. Check out the branches:

    git clone -b add-lsp git@gitlab.com:gitlab-org/secure/sast-ide-integration.git
    cd sast-ide-integration
    ./scripts/setup.sh
    # to track branches
    git -C gitlab-lsp switch main
    git -C gitlab-vscode-extension switch sast-ide_add-lsp

  2. Start the service locally:

    ./scripts/start-scanner-service.sh

  3. Install or debug ./gitlab-vscode-extension.

  4. Open a test project with the following settings:

    "gitlab.featureFlags.remoteSecurityScans": true,
    "gitlab.securityScans.serviceUrl": "http://localhost:8080/scan"

  5. Add a vulnerable file to the test project, e.g. a test file from the sast-rules project like this one.

  6. Save the file or run the command GitLab: Run Security Scan to start a scan.

What CHANGELOG entry will this MR create?

  • fix: Bug fix fixes - a user-facing issue in production - included in changelog
  • feature: New feature - a user-facing change which adds functionality - included in changelog
  • BREAKING CHANGE: (fix or feature that would cause existing functionality to change) - should bump major version, mentioned in the changelog
  • None - other non-user-facing changes
Edited by Erran Carey
