Update common to v3.2.1 to fix gotestsum cmd

Adam Cohen requested to merge do-not-color-newline-in-log-messages into master

What does this MR do?

Add junit report for Go tests (gitlab-org/security-products/ci-templates!326 - merged) added gotestsum to the go test job, which has resulted in failures in the job output:

=== FAIL: . TestToolExecutionNotifications/testdata/reports/semgrep_js_syntax_error.sarif (unknown)
[WARN] [2022-09-23T17:29:28Z] ▶ tool notification warning: Syntax error Semgrep Core WARN - Syntax error: When running eslint.detect-non-literal-require on /builds/gitlab-com/gl-security/engineering-and-research/gib/reports/theme/static/js/chart.js: `5:` was unexpected

These failures do not cause the go test job to fail; however, they cause gotestsum to incorrectly populate the MR test widget with false positive failures.

The root cause of the issue is that gotestsum is interpreting coloured log output which has been formatted by common/logutil/format.go as a failure, as described here.

This behaviour has been fixed in v3.2.1 of the common package in Do not color newline in log messages (common!163 - merged).

This MR makes the following changes:

  1. Updates common from v3.0.1 to v3.2.1 to fix this issue and remove false-positives from the MR test widget.

  2. Updates command from v1.6.0 to v1.9.1, because this is necessary to remove references to common/v2 and switch to common/v3.

  3. Updates report from v3.10.0 to v3.14.0.

  4. Adds a new scan.analyzer field to reports with the following details:

    "scan": {
      "analyzer": {
        "id": "gosec",
        "name": "Gosec",
        "url": "https://gitlab.com/gitlab-org/security-products/analyzers/gosec",
        "vendor": {
          "name": "GitLab"
        },
        "version": "3.5.6"
      },
      "..."
    }

  5. Updates all the expectations to include the new scan.analyzer field.

  6. Updates tracking calculator from 2.2.5 to 2.2.6 in order to support the new scan.analyzer field.

What are the relevant issue numbers?

Fix coloured log output in logutil package of s... (gitlab-org/gitlab#375625 - closed)

Does this MR meet the acceptance criteria?

/label Category:SAST backend devopssecure sectionsec groupcomposition analysis typemaintenance maintenancepipelines

Edited by Lucas Charles
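
A check for the new scan.analyzer field, as an added example that is not part of this MR or of the analyzer's code: it parses a report and lists which of the keys shown in the description are absent or empty. The helper name `MissingAnalyzerFields` and the sample report are constructed for illustration, and treating every key shown above as expected is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// report models only the part of the report this MR adds: scan.analyzer.
type report struct {
	Scan struct {
		Analyzer *struct {
			ID      string `json:"id"`
			Name    string `json:"name"`
			URL     string `json:"url"`
			Version string `json:"version"`
			Vendor  struct {
				Name string `json:"name"`
			} `json:"vendor"`
		} `json:"analyzer"`
	} `json:"scan"`
}

// MissingAnalyzerFields (hypothetical helper) returns the scan.analyzer keys
// that are absent or empty. Assumption: every key shown in the MR is expected.
func MissingAnalyzerFields(raw []byte) ([]string, error) {
	var r report
	if err := json.Unmarshal(raw, &r); err != nil {
		return nil, fmt.Errorf("parse report: %w", err)
	}
	a := r.Scan.Analyzer
	if a == nil {
		// Reports produced before the upgrade have no analyzer object at all.
		return []string{"scan.analyzer"}, nil
	}
	var missing []string
	for _, f := range []struct{ key, val string }{
		{"id", a.ID}, {"name", a.Name}, {"url", a.URL},
		{"vendor.name", a.Vendor.Name}, {"version", a.Version},
	} {
		if f.val == "" {
			missing = append(missing, "scan.analyzer."+f.key)
		}
	}
	return missing, nil
}

// Constructed sample report using the values shown in the MR description.
const sampleReport = `{"scan":{"analyzer":{"id":"gosec","name":"Gosec","url":"https://gitlab.com/gitlab-org/security-products/analyzers/gosec","vendor":{"name":"GitLab"},"version":"3.5.6"}}}`

func main() {
	missing, err := MissingAnalyzerFields([]byte(sampleReport))
	fmt.Println(missing, err)
}
```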