Allow glob patterns in PIP_REQUIREMENTS_FILE
What does this MR do?
It adds support for globbing patterns in the PIP_REQUIREMENTS_FILE environment variable.
Motivation
For us it's pretty common to have multiple `*requirements.txt` files in our project, separating dependencies based on their purpose, which right now we aren't able to scan using this tool.
The glob patterns are Golang's ones, so no support for `**` and other more advanced features, as they aren't built into the standard library. There are other packages providing such features, but I'm not fully sure what your policy is on adding such packages in a security tool, maybe it needs some auditing, so I decided to stick to the standard one for now.
Tricky parts
- The naming of the `PIP_REQUIREMENTS_FILE` variable is no longer that accurate, as it no longer has to match a single file, maybe add a new one? Not sure
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
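The standard-library globbing behaviour the description relies on, shown as an added Go example that is not part of this MR or the analyzer's code. It assumes a hypothetical `ExpandRequirementsPattern` helper that takes one pattern (as read from `PIP_REQUIREMENTS_FILE`) relative to a project root; the `..`-escape check and the regular-file filter are this example's own defensive choices, not behaviour the MR claims.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// ExpandRequirementsPattern expands one glob pattern, as it might be read from
// PIP_REQUIREMENTS_FILE, relative to the project root using only the
// standard-library filepath.Glob. Standard Go glob syntax applies: "*" and "?"
// never cross a path separator, so "**" behaves like a single "*" and does not
// recurse into subdirectories. Matches that resolve outside root (for example
// from a "../" in the pattern) are dropped so a scanner never reads files
// beyond the project it was pointed at. Returned paths are relative to root,
// slash-separated and sorted. Illustrative code, not the analyzer's own.
func ExpandRequirementsPattern(root, pattern string) ([]string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return nil, err
	}
	found, err := filepath.Glob(filepath.Join(absRoot, pattern))
	if err != nil {
		// filepath.ErrBadPattern: malformed character class such as "[".
		return nil, fmt.Errorf("invalid PIP_REQUIREMENTS_FILE pattern %q: %w", pattern, err)
	}
	var files []string
	for _, match := range found {
		rel, err := filepath.Rel(absRoot, match)
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			continue // resolved outside the project root: ignore
		}
		info, err := os.Stat(match)
		if err != nil || info.IsDir() {
			continue // only regular files can be requirements files
		}
		files = append(files, filepath.ToSlash(rel))
	}
	sort.Strings(files)
	return files, nil
}

func main() {
	pattern := os.Getenv("PIP_REQUIREMENTS_FILE")
	if pattern == "" {
		pattern = "*requirements.txt" // default for this example only
	}
	files, err := ExpandRequirementsPattern(".", pattern)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, f := range files {
		fmt.Println(f)
	}
}
```

With files `requirements.txt`, `dev-requirements.txt`, `sub/requirements.txt` and `sub/deep/requirements.txt` under the root, `*requirements.txt` matches the two top-level files, while `**/requirements.txt` matches only `sub/requirements.txt`, which is exactly the limitation the description mentions.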
Edited by Fabien Catteau