Disable secret detection in KICS SAST IAC scanner

Proposal

The kics analyzer includes secret detection queries. These overlap with our Category:Secret Detection scanner, and, like our scanner, kics' approach is regular-expression-based.

Ideally, before excluding kics' secret detection results, we should ensure our Secret Detection analyzer has parity with the same detection rules.

kics provides a --disable-secrets flag to disable checking. We should pass this flag by default. Because we have our own secret detection feature, we do not need to have a user-configurable option to re-enable kics-based secret detection.

Outcomes

  • Add --disable-secrets to the kics command invocation. Disable kics secret detection (gitlab-org/security-products/analyzers/kics!43 - merged)
  • Release as a major version bump for kics
  • File an issue documenting the patterns that kics currently finds that we don't, so we can consider whether to add them to Secret Detection. Close any possible GitLab Secret Detection gaps... (#367177 - closed)
  • Update SAST-IaC.latest.gitlab-ci.yml and SAST-IaC.gitlab-ci.yml to point to new major version of kics: !92475 (merged)
Edited Jul 21, 2022 by rossfuhrman