
Pin zap add-ons to specific versions

Cameron Swords requested to merge pin-zap-add-ons into master

What does this MR do?

ZAP add-ons come pre-installed with each ZAP Docker image (see /zap/plugin on a running DAST image). When a ZAP scan is executed, ZAP will attempt to update all of the installed add-ons.

This causes problems:

  • A DAST user can't decide not to take the add-on (the auto-update functionality is hard-coded)
  • DAST can't be run in an offline mode
  • The DAST engineering team's tests suddenly fail when a release is made to dependent packages in https://github.com/zaproxy/zap-extensions/releases

This MR disables add-on auto-updating when the command line option --auto-update-addons false is passed to /analyze. Add-ons will update if the option is not provided. A later decision can be made as to whether or not add-on updates should be disabled by default.

This MR in part solves issues gitlab-org/gitlab#198456 (closed) and gitlab-org/gitlab#12728 (closed). It also fixes the broken master build on DAST.

Does this MR meet the acceptance criteria?

Edited by Cameron Swords
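An added example of the kind of pin check the MR title describes, not code from this MR or from the GitLab DAST image: a POSIX shell function that compares the add-ons found in a ZAP plugin directory (the MR points at /zap/plugin) against a pinned manifest, so that once auto-updating is off, an image rebuilt with different add-on versions fails before any scan runs. It assumes the add-on file naming `<id>-<status>-<version>.zap` (for example `ascanrules-release-38.zap`) and a manifest of `id version` lines; both the naming and the manifest format are assumptions, and the sample data below is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from this MR or from the GitLab DAST image.
# Verifies that the ZAP add-ons in a plugin directory match a pinned manifest,
# so a scan run with --auto-update-addons false fails fast if a rebuilt image
# shipped different add-on versions.
#
# Assumptions (not stated in the MR):
#   * add-on files are named <id>-<status>-<version>.zap, e.g. ascanrules-release-38.zap
#   * the manifest is plain text, one "id version" pair per line, '#' comments allowed

# check_addons PLUGIN_DIR MANIFEST
# Prints one line per missing or drifted add-on; returns 0 only if every pinned
# add-on is present at exactly the pinned version.
check_addons() {
    plugin_dir=$1
    manifest=$2
    rc=0
    while read -r id version; do
        case "$id" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        installed=""
        for f in "$plugin_dir/$id"-*.zap; do
            [ -e "$f" ] || continue              # glob matched nothing
            base=${f##*/}                        # ascanrules-release-38.zap
            base=${base%.zap}                    # ascanrules-release-38
            installed=${base##*-}                # 38
        done
        if [ -z "$installed" ]; then
            echo "MISSING $id (pinned $version)"
            rc=1
        elif [ "$installed" != "$version" ]; then
            echo "DRIFT $id installed=$installed pinned=$version"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# make_sample: constructed sample data (not a real DAST image); prints the directory.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/plugin"
    : > "$dir/plugin/ascanrules-release-38.zap"   # matches its pin
    : > "$dir/plugin/pscanrules-release-31.zap"   # newer than its pin: drift
    : > "$dir/plugin/spiderAjax-release-23.zap"   # installed but not pinned: ignored
    cat > "$dir/pins.txt" <<'EOF'
# id version
ascanrules 38
pscanrules 30
domxss 9
EOF
    printf '%s\n' "$dir"
}

# Stand-alone demo on the constructed sample; set ZAP_PIN_NO_DEMO to skip it.
if [ -z "${ZAP_PIN_NO_DEMO:-}" ]; then
    sample=$(make_sample)
    if check_addons "$sample/plugin" "$sample/pins.txt"; then
        echo "all pinned add-ons match"
    else
        echo "add-on drift detected; refusing to scan"
    fi
    rm -r "$sample"
fi
```

On a real image the call would be `check_addons /zap/plugin pins.txt` before invoking the scan; a non-zero return means either a pinned add-on is absent or its version differs from the manifest, and add-ons present in the directory but absent from the manifest are deliberately ignored so the manifest only needs to list what the scan depends on.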
