SASTBot: Monthly dependency updates for %15.3

Vishwa Bhat requested to merge dependabot-8-2022 into main

What does this MR do?

  • upgrade Kics version [1.5.12 => 1.5.13]
  • upgrade github.com/google/go-cmp version [v0.5.6 => v0.5.8]
  • upgrade github.com/sirupsen/logrus version [v1.8.1 => v1.9.0]
  • upgrade github.com/urfave/cli/v2 version [v2.11.0 => v2.11.1]
  • upgrade gitlab.com/gitlab-org/security-products/analyzers/command version [v1.8.2 => v1.9.1]
  • upgrade gitlab.com/gitlab-org/security-products/analyzers/report/v3 version [v3.12.2 => v3.13.0]. Excluding this update because v3.13.0 omitempty's the cve property of the vulnerabilities in the report (see report!38 (merged)). This causes the QA tests to fail as we expect "cve": "", throughout the report. Removing this also causes the QA tests to fail because the latest report schema enforces this as a mandatory field. We cannot upgrade the report package until version 15.0.0 of the schema is released.

Note: Changelog is autogenerated by SASTBot.

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

Edited by Zach Rice
