Disable SAST for downstream php-composer-qa

What does this MR do?

We disable SAST by setting SAST_DEFAULT_ANALYZERS: "", preventing CI failures expecting QA job to be defined. This causes only to take priority over needs and prevent the pipeline from failing due to invalid syntax. See similar approach for SAST: phpcs-security-audit@7ad861aa

What are the relevant issue numbers?

gitlab-org/gitlab#33724 (closed)

Does this MR meet the acceptance criteria?

• [-] Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer