
Hack a solution to exclude updating a ZAP extension

Cameron Swords requested to merge hot-fix-ajax-scans into master

What does this MR do?

The recent Webdriver Linux ZAP extension has broken the ZAP Ajax Spider functionality (see gitlab-org/gitlab#55266 (closed)). This MR provides a way around the problem with some positively nasty hacks to avoid the problem extension being updated.

Specifically:

  • sed is used to remove the hardcoded addonupdate directive in ZAP Python code 😵
  • every (known) ZAP extension, aside from the problem extension, is added as an addoninstall directive. This also serves to update the extension

This is a terrible solution because

  • Find and replace in third-party code is extremely brittle, and hard to read/understand
  • If a new extension is released tomorrow, DAST won't be installing it
  • If an extension is renamed, DAST will remain on the old version

However, this might be enough to resolve the issue for now.

Does this MR meet the acceptance criteria?
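The two hacks described in the MR, shown as an added shell example that is not the MR's own diff and not code from the GitLab DAST or ZAP projects. The Python snippet it patches is a constructed stand-in for the argument list in ZAP's scan script, the add-on ids in the allowlist are assumed, and `webdriverlinux` is assumed to be the id of the problem extension; only `-addonupdate` and `-addoninstall` are taken from the MR text.

```shell
#!/usr/bin/env bash
# Added example (not from the MR): strip the hardcoded -addonupdate directive
# from a ZAP Python scan script with sed, then build explicit -addoninstall
# flags for every known add-on except the one being pinned back.
set -eu

# Constructed stand-in for the ZAP scan script's argument list. The real
# script is much longer; only the hardcoded '-addonupdate' line matters here.
make_sample_script() {
  cat > "$1" <<'EOF'
params = [
    'zap-x.sh', '-daemon',
    '-port', str(port),
    '-addonupdate',
    '-addoninstall', 'pscanrulesBeta']
EOF
}

# Hack 1: delete the line carrying the update directive. As the MR notes this
# is brittle: it silently does nothing if upstream ever reformats that line.
strip_addonupdate() {
  sed "/'-addonupdate',/d" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Returns 0 when the script still contains -addonupdate (a post-patch check
# the Dockerfile can fail on instead of shipping an unpatched image).
has_addonupdate() {
  grep -q -- '-addonupdate' "$1"
}

# Hack 2: an explicit allowlist of add-on ids (assumed values) minus the
# problem add-on. Anything not listed here is neither installed nor updated,
# which is exactly the maintenance cost the MR warns about.
KNOWN_ADDONS="ascanrules pscanrules pscanrulesBeta spiderAjax selenium webdriverlinux"
EXCLUDED_ADDON="webdriverlinux"   # assumed id of the broken Webdriver Linux add-on

# Prints "-addoninstall <id>" for every allowed add-on, space separated.
addoninstall_flags() {
  out=""
  for addon in $KNOWN_ADDONS; do
    [ "$addon" = "$EXCLUDED_ADDON" ] && continue
    out="$out -addoninstall $addon"
  done
  printf '%s' "${out# }"
}

# Stand-alone demo: patch a temporary copy and show the resulting extra args.
script=$(mktemp)
make_sample_script "$script"
strip_addonupdate "$script"
if has_addonupdate "$script"; then
  echo "patch failed: -addonupdate still present" >&2
  exit 1
fi
echo "patched script:"
cat "$script"
echo "extra ZAP args: $(addoninstall_flags)"
rm -f "$script"
```

In a Dockerfile the same three steps would run at build time: `sed` over the vendored script, a `grep` that fails the build if the directive survives, and the generated `-addoninstall` flags appended to the ZAP command line. Pinning the allowlist in one variable keeps the list of add-ons that DAST will stop tracking visible in one place.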
