Validate security report artifact against vendored versions

Why are we doing this work

We want to clearly communicate to users whenever a security report artifact does not validate against a supported schema or has other parsing errors.

In order to do this, all supported schemas will be vendored into the GitLab rails application, as discussed as part of #322681 (closed).

Relevant links

Wording for alert

Non-functional requirements

Documentation: update accordingly https://docs.gitlab.com/ee/development/integrations/secure.html#enable-report-validation
Feature flag: enforce_security_report_validation this needs a FF so we can give analyzer teams a chance to comply with the schemas before breaking ingestion
Performance:
Testing:

Implementation plan

backend Create enforce_security_report_validation feature flag definition
backend Adjust ee/app/models/ee/ci/build.rb so that validate_schema? returns true if enforce_security_report_validation is enabled
backend Adjust lib/gitlab/ci/parsers/security/validators/schema_validator.rb so it adds a warning/error if the schema used is deprecated/not found
backend Adjust specs

Edited Mar 15, 2022 by Michał Zając