Draft: Support transforming GitLab SAST Report to SARIF

What does this MR do?

Currently SARIF format support is only one way, i.e., transforming a sarif file to a GitLab SAST Report.

Relating to #452028, it would nice if GitLab SAST Report can be transformed to SARIF (with an implementation plan).

This MR extends current sarif.go by

1. Adding a function that transforms a GitLab SAST Report (the physical file) to SARIF;
2. Adding a function that transforms a GitLab SAST Report (data structure in memory) to SARIF;
3. Exporting Sarif type to allow other projects (e.g., VET) to possibly modify its Sarif output.

Testing:

1. Corresponding test is added
2. The validity of generated sarif file has been tested on the Sarif website.

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab/-/issues/452028+s

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Ensure the report version matches the equivalent schema version
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer