Replace sast-rule deployment with proper package registry release
Problem
Right now when we release sast-rules, we have a manual step of running ./ci/deploy.sh which merges our semgrep rules into the /dist directory. There is no reason for this to be a manual process.
Proposed Solution
We should automate this process and create a versioned package registry 'package' which the semgrep analyzer can download, instead of pulling from git in the Dockerfile.