OpenShift support

What does this MR do?

Give write access to group id 0 to enable OpenShift support. When running on OpenShift, user id is random and group id is 0. When running on .com, the default user remains root, to ensure backward compatibility. See gitlab-org/gitlab#290240 (comment 509916812)

Also, add test jobs for offline-FREEZE branch of one of the Secure test project to make sure that it's still possible to have a before_script with instructions executed as root. See gitlab-org/gitlab#290240 (comment 509928251)

How is it tested?

Tested using !71 (closed)

See successful scanning job where the generated report is checked after the scan:

• http://gitlab.apps.secure-stage-openshift-test.k8s-ft.win/root/js-npm/-/pipelines/179
• http://gitlab.apps.secure-stage-openshift-test.k8s-ft.win/root/js-yarn/-/pipelines/180

Failing job when setting ADDITIONAL_CA_CERT_BUNDLE to a fake certificate; it fails because the PEM certificate isn't properly formatted:

• http://gitlab.apps.secure-stage-openshift-test.k8s-ft.win/root/js-npm/-/jobs/572

Value of ADDITIONAL_CA_CERT_BUNDLE was:

-----BEGIN CERTIFICATE-----
certificate-contents-go-here
-----END CERTIFICATE-----

What are the relevant issue numbers?

gitlab-org/gitlab#290240 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer