
Bring SAST to Core - brakeman

Full requirements listing in &2098 (closed)

Scope of this issue specifically

Brakeman scanning when Docker-in-Docker is disabled (SAST_DISABLE_DIND set to true)

Plan

Implementation Plan

  1. Update SAST vendored template - MR
  • [-] Add code to create the $FEATURES environment variable from $GITLAB_FEATURES before it is unset, so that we can use it as a feature flag of sorts in case we need to roll back
  • [-] Remove the check for /sast/ in features for the brakeman analyzer in the DIND-free version.
  • [-] Ensure support for downloading the artifact
  2. Update documentation - MR
  3. Update the license for the repository from the EE License to MIT Expat - MR
  4. Ensure the rollback plan for the brakeman analyzer is viable and ready in case it is needed
  5. Explicitly state that we will not be supporting brakeman in Core when Docker-in-Docker is enabled.

Rollback Plan

  1. Add check for /sast/ in $FEATURES to the brakeman analyzer and release new version
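The feature-flag and rollback mechanism described above, as an added example that is not part of the issue or of GitLab's template code. It assumes that $GITLAB_FEATURES is a comma-separated list of licensed feature names (for example "sast,dependency_scanning"), that the analyzer's former gate was a match of /sast/ against that list, and it introduces a hypothetical variable name, ROLLBACK_REQUIRE_SAST_FEATURE, to switch the gate back on:

```shell
#!/bin/sh
# Added example, not GitLab's own template code.
# Assumptions: GITLAB_FEATURES is a comma-separated list such as
# "sast,dependency_scanning"; the old analyzer gate matched /sast/
# against that list; ROLLBACK_REQUIRE_SAST_FEATURE is a hypothetical
# flag name used here to re-enable the gate for a rollback.

# Copy GITLAB_FEATURES into FEATURES before the template unsets it,
# so FEATURES survives as the feature flag. Safe to call when
# GITLAB_FEATURES is already unset (FEATURES becomes empty).
capture_features() {
  FEATURES="${GITLAB_FEATURES:-}"
  export FEATURES
  unset GITLAB_FEATURES
}

# Return 0 if the feature list in $1 contains $2 as a substring.
# This mirrors the /sast/ regex check: a Core user, whose list is
# empty or lacks "sast", fails the check.
has_feature() {
  case "$1" in
    *"$2"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Decide whether the brakeman job should run.
# DIND-free Core version: no license gate, always run.
# Rollback: with ROLLBACK_REQUIRE_SAST_FEATURE=true the /sast/ check
# against $FEATURES is applied again.
should_run_brakeman() {
  if [ "${ROLLBACK_REQUIRE_SAST_FEATURE:-false}" = "true" ]; then
    has_feature "${FEATURES:-}" sast
  else
    return 0
  fi
}
```

Because $FEATURES is captured before the unset, the rollback can be shipped as an analyzer-side check only, with no further change to the template that already removed $GITLAB_FEATURES from the job environment.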

Test Plan

  1. Test analyzers as a Core user
  2. Test analyzers as an Ultimate user

Out of Scope

We will NOT be updating brakeman as part of this issue. That will happen in a subsequent issue once this is completed.

Edited by rossfuhrman