SAST template should run analyzers based on file type
With !16487 (merged), we can run SAST without using Docker-in-Docker. However, now that !16574 (merged) has landed, we can improve this capability by using file detection.
Changes like the following will need to be made to the individual analyzers in the SAST.gitlab-ci.yml template:
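```yaml
bandit-sast:
  extends: .analyzer
  image:
    name: "$SAST_ANALYZER_IMAGE_PREFIX/bandit:$SAST_MAJOR_VERSION"
  # `rules` takes a list of rule entries and cannot be combined with `only`.
  # The job is added only when the repository contains a Python file.
  rules:
    - exists:
        # Quoted because a leading `*` is a YAML alias indicator.
        - '**/*.py'
```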
cc @stkerr
Edited by Lucas Charles