Adjust pre-filtration for dependency scanning and license compliance - editable and auditable

Related to #348620 (closed).

This reduces noise (stuff users don't care about) and make the scans faster but also leaves no record. We should be clear this is discouraged if a user wants any record.

we allow for some pre-filtering with default values (tests, spec, etc.), a user can override to NOT scan specific things using ci variables. We should be more customizable and flexible with this.

We should also log (audit trail event as well as job log) this was done (i.e. scan ran but X skipped A,B,C)