Add support for self signed or insecure certs when fetching the vulnerability DB

Adam Cohen requested to merge add-support-for-self-signed-or-insecure-certs into master

What does this MR do?

When fetching JS and Node vulnerability files using the RETIREJS_JS_ADVISORY_DB and RETIREJS_NODE_ADVISORY_DB from a remote HTTPS host, the analyzer doesn't currently support insecure or self-signed SSL certificates. This MR makes the following changes to allow altering this behaviour:

  1. Adds a new RETIREJS_ADVISORY_DB_INSECURE environment variable which "Enables fetching remote JS and Node vulnerability data files from hosts using an insecure or self-signed SSL (TLS) certificate."
  2. Updates the behaviour of the ADDITIONAL_CA_CERT_BUNDLE variable so that when this value is provided, it passes an additional --cacert <path-to-additional-ca-cert-file> argument to the retire.js npm module.

In order to support these new flags, the underlying RetireJS npm package was also forked and modified to add --cacert and --insecure flags. The merge request for this change is here and has now been merged and published as version 2.2.0 of retire.js.
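An added illustration, not code from the analyzer or from retire.js, of how the two variables described above can be turned into retire.js arguments. The function names, the step that writes the bundle text to a file before passing it as --cacert, and the sample values are assumptions made for this example.

```shell
#!/bin/sh
# Example only (not the analyzer's code): derive retire.js TLS flags from
# the environment. Assumed behaviour:
#   ADDITIONAL_CA_CERT_BUNDLE   PEM text; written to $1, then passed as
#                               "--cacert <file>" (the MR's path argument)
#   RETIREJS_ADVISORY_DB_INSECURE  "true" adds "--insecure"
# Prints the flags, space separated, so a caller can splice them in.
retirejs_tls_args() {
  cert_file=$1
  args=""
  if [ -n "${ADDITIONAL_CA_CERT_BUNDLE:-}" ]; then
    printf '%s\n' "$ADDITIONAL_CA_CERT_BUNDLE" > "$cert_file"
    args="--cacert $cert_file"
  fi
  case "${RETIREJS_ADVISORY_DB_INSECURE:-}" in
    true|1) args="$args${args:+ }--insecure" ;;
  esac
  printf '%s' "$args"
}

# Builds (but does not run) the full command line, so the effect of the
# variables is visible. --jsrepo/--noderepo are retire.js repository flags;
# the advisory DB URLs are taken from the variables named in the MR.
build_retire_command() {
  cert_file=$1
  extra=$(retirejs_tls_args "$cert_file")
  printf 'retire --jsrepo %s --noderepo %s %s' \
    "${RETIREJS_JS_ADVISORY_DB:-<js-db-url>}" \
    "${RETIREJS_NODE_ADVISORY_DB:-<node-db-url>}" \
    "$extra"
}
```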

TODO

  1. Update dependency scanning documentation to include the new RETIREJS_ADVISORY_DB_INSECURE and also update the existing documentation for ADDITIONAL_CA_CERT_BUNDLE to explain that it will be used for fetching the retirejs advisory db files.

What are the relevant issue numbers?

gitlab-org/gitlab#213256 (closed)

Does this MR meet the acceptance criteria?

Edited by Fabien Catteau
