Switch DAST zap scanner to stable build

UPDATE: The ZAProxy stable release does not include ascanrulesAlpha rules. For that reason, we're using a known working weekly image: owasp/zap2docker-weekly:w2019-09-24.

Update the DAST scanner to use the stable/bare version of Zap instead of the weekly. https://github.com/zaproxy/zaproxy/wiki/Docker

The update would occur here: https://gitlab.com/gitlab-org/security-products/dast/blob/master/Dockerfile

The weekly build is not intended for anyone building security distributions and can contain broken features. Because we are wrapping Zap, we should ensure that we only wrap a stable build; otherwise our weekly builds can introduce a broken scanner.
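An added check (example code, not from this issue or the DAST project) that enforces the point above in CI: the DAST Dockerfile's FROM line must reference a pinned ZAP image, either a versioned stable tag or an explicitly dated weekly tag like the one named in the update, never an untagged or `latest` weekly. The function names, the accepted-tag policy and the sample Dockerfiles are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the GitLab issue or the DAST project's own code.
# Policy assumed here: accept owasp/zap2docker-stable:<version> or a dated
# weekly tag owasp/zap2docker-weekly:w<YYYY-MM-DD>; reject untagged, ":latest"
# or otherwise floating references, since those can silently pull a broken weekly.

# Returns 0 when the image reference is pinned per the policy, 1 otherwise.
zap_image_is_pinned() {
  image="$1"
  case "$image" in
    owasp/zap2docker-stable:[0-9]*.[0-9]*) return 0 ;;
    owasp/zap2docker-weekly:w[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads the first FROM line of a Dockerfile (leading whitespace and case are
# tolerated), extracts the image reference and checks it against the policy.
check_dockerfile() {
  dockerfile="$1"
  image=$(grep -i '^[[:space:]]*FROM[[:space:]]' "$dockerfile" | head -n 1 \
          | awk '{print $2}')
  [ -n "$image" ] || { echo "no FROM line in $dockerfile" >&2; return 1; }
  if zap_image_is_pinned "$image"; then
    echo "OK: $dockerfile wraps pinned image $image"
    return 0
  fi
  echo "FAIL: $dockerfile wraps unpinned/floating image $image" >&2
  return 1
}

# Constructed sample Dockerfiles for demonstration (not the real DAST Dockerfile).
tmp=$(mktemp -d)
printf 'FROM owasp/zap2docker-weekly\nCOPY . /zap/\n' > "$tmp/Dockerfile.floating"
printf 'FROM owasp/zap2docker-weekly:w2019-09-24\nCOPY . /zap/\n' > "$tmp/Dockerfile.pinned"

# Demonstration run; each call may fail without stopping the script.
check_dockerfile "$tmp/Dockerfile.pinned" || :
check_dockerfile "$tmp/Dockerfile.floating" || :
```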

  • Update documentation https://docs.gitlab.com/ee/user/application_security/dast/index.html and https://docs.gitlab.com/ee/user/application_security/index.html#maintenance-and-update-of-the-vulnerabilities-database

  • Assign a DRI PM to monitor https://github.com/zaproxy/zaproxy/releases for new major releases and add an issue when a new release is put out.

Edited Oct 12, 2019 by Cameron Swords