
Improve the usability of BAP in MRs

Craig Smith requested to merge craigmsmith-bap-should-not-be-allowed-to-fail into main

What does this MR do?

Remove allow_failure: true from the BAP jobs

BAP is the SAST team's last line of defense to avoid releasing unintended rule changes. allow_failure: true is easy to ignore, which could result in an MR with a BAP failure being merged into production. Removing allow_failure: true will reduce this chance.

Add instructions for BAP failure

BAP is expected to fail in certain situations; this MR adds documentation on what to do when that happens, both in the README and in the BAP CI job console output.

What are the relevant issue numbers?

Document handling expected BAP failures (gitlab-org/gitlab#464645 - closed) • Craig Smith, Tal Kopel • 17.1

Does this MR meet the acceptance criteria?

Edited by Craig Smith
