[15.0] Remove Retire.js analyzer from Dependency Scanning

Proposal

Once Gemnasium can report every vulnerability that the retire.js analyzer reports, the retire.js analyzer can be removed to reduce maintenance cost.

Implementation plan

  • update GitLab project (!86704 (merged))
    • update docs to remove retire.js mentions: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
    • remove retire.js from the Dependency Scanning CI template https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml and corresponding specs
  • archive retire.js project
    • note: the decision to archive the project has been postponed so that the Docker image can continue to receive automatic rebuilds
    • update the retire.js analyzer README.md to state that the project is no longer used and is slated to be archived
    • create issue to archive project - #362242 (closed)
  • remove tests and mentions of the analyzer from other projects
    • specs in https://gitlab.com/gitlab-org/security-products/security-report-schemas
    • support for templated job in https://gitlab.com/gitlab-org/security-products/ci-templates/-/blob/master/includes-dev/qa-dependency_scanning.yml
  • update handbook page (https://about.gitlab.com/handbook/engineering/development/sec/secure/composition-analysis) (gitlab-com/www-gitlab-com!104032 (merged))
    • remove analyzer and upstream project from reaction rotation support list and links (e.g. vuln dashboard)
    • remove analyzer mentions
  • archive the retire.js mirror project https://gitlab.com/gitlab-org/security-products/dependencies/retire.js
  • create a removal announcement (a removal uses a different YAML file than a deprecation)
Edited May 12, 2022 by Igor Frenkel