Enable semgrep debug logging

Problem to solve

When SECURE_LOG_LEVEL is set to debug, GitLab adds --verbose to the semgrep command, see: https://gitlab.com/gitlab-org/security-products/analyzers/semgrep/-/blob/dd3d0b63b906f30bd2d4a5b9a0715f48b3ecbc01/analyze.go#L255.

But --debug emits more information, which is useful for in-depth troubleshooting.

This option was helpful in determining the cause of the command's premature failure in a customer's case, see: #622008 (internal).

Proposal

Use the semgrep option --debug instead of --verbose when SECURE_LOG_LEVEL is set to debug.

Doc from Semgrep: Logging verbosity options.

Implementation Plan

In the issue discussion we suggest introducing a new trace log level for cases where a very high level of logging detail is required. Below is a sequence of steps for how we can address the logging issue described above:

  1. Introduce a new trace log level in the documentation: https://docs.gitlab.com/user/application_security/troubleshooting_application_security/#logging-level.
  2. For cases where we do not have trace implemented yet, default to debug when SECURE_LOG_LEVEL=trace.
  3. For semgrep, pass the debug flag to the scanner when SECURE_LOG_LEVEL=trace.
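The level handling from steps 2 and 3 as an added example in Go (the language of analyze.go); this is not the analyzer's own code, and the function names effectiveLogLevel and semgrepVerbosityFlags are hypothetical. It assumes analyzers that have not implemented trace downgrade it to debug, while the semgrep analyzer keeps --verbose for debug and passes --debug for trace.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Values of SECURE_LOG_LEVEL relevant here. "trace" is the new level
// proposed in this issue; "debug" already exists.
const (
	levelDebug = "debug"
	levelTrace = "trace"
)

// effectiveLogLevel implements step 2: an analyzer that has not implemented
// trace yet treats SECURE_LOG_LEVEL=trace as debug. The value is normalised
// (trimmed, lower-cased); other levels are returned unchanged so the existing
// default handling still applies to them.
func effectiveLogLevel(secureLogLevel string, supportsTrace bool) string {
	level := strings.ToLower(strings.TrimSpace(secureLogLevel))
	if level == levelTrace && !supportsTrace {
		return levelDebug
	}
	return level
}

// semgrepVerbosityFlags implements step 3 for the semgrep analyzer: debug
// keeps today's --verbose, trace passes semgrep's much noisier --debug, and
// every other level leaves the semgrep command line unchanged.
func semgrepVerbosityFlags(secureLogLevel string) []string {
	switch effectiveLogLevel(secureLogLevel, true) {
	case levelTrace:
		return []string{"--debug"}
	case levelDebug:
		return []string{"--verbose"}
	default:
		return nil
	}
}

func main() {
	// Assemble the verbosity part of the semgrep invocation from the
	// environment, as the analyzer would before running the scanner.
	args := append([]string{"semgrep", "scan"},
		semgrepVerbosityFlags(os.Getenv("SECURE_LOG_LEVEL"))...)
	fmt.Println(strings.Join(args, " "))
}
```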