Fix commit sha being used instead of tag for tagged pipelines

What does this MR do and why?

Describe in detail what your merge request does and why.

The change introduced in !74627 (merged) started setting the CI_APPLICATION_TAG in the Auto DevOps template so that it could be used in the CS_DEFAULT_BRANCH_IMAGE value while still being overridden by the calling template. This unintentionally introduced a breaking change for tagged pipelines using the Build.gitlab-ci.yml template, because the default value for CI_APPLICATION_TAG can be CI_COMMIT_SHA or CI_COMMIT_TAG depending on whether or not CI_COMMIT_TAG is set. This change fixes the issue by referencing CI_COMMIT_SHA in the CS_DEFAULT_BRANCH_IMAGE, and no longer setting the CI_APPLICATION_TAG value in the Auto DevOps template. It is fine if this does not match the CI_APPLICATION_TAG value, because the image tag is currently ignored when CS_DEFAULT_BRANCH_IMAGE is processed by the security report parser.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.