Run container scanning on merge requests

What does this MR do?

Currently every MR in this project requires approval for the license policy because the pipeline is not generating an SBOM.

This change enables CS to run on MRs, which generates an SBOM that allows GitLab to verify which licenses are being used.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer