Fix package manager field of the report when not pip

What does this MR do?

Set the package manager field of the report to pipenv and setuptools when the detected package manager is Pipenv or Setuptools, respsectively. Previous to that change, the analyzer always put pip in the .dependency_file[].package_manager field of the Dependency Scanning report, even when dependencies are not managed using Pip.

This depends on gemnasium!235 (merged).

What are the relevant issue numbers?

gitlab-org/gitlab#338252 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer