Make bap semgrep a scheduled job

What does this MR do?

BAP needs to build two images to run a comparison the target and the source. As part of fixing images to be current a job was added to run at the end of merging our latest rule changes.

However, this hasn't run in over 2 months, causing us to use old versions of semgrep whe comparing source/targets. This change makes the bap semgrep image release every day as part of a scheduled job instead, ensuring that our rules are up to date when BAP does it's comparison against the target semgrep build (e.g. the feature branch changes).

What are the relevant issue numbers?

Does this MR meet the acceptance criteria?

• The test cases cover both positive and negative cases and have appropriate Semgrep annotations:
  • For positive cases: // ruleid: ...
  • For negative cases: // ok: ....
• Prefer ($X.servlet.http.HttpServletResponse $RESP).addCookie($C) over $RESPONSE.addCookie($C) to avoid False-Positives.
• Following metadata fields exist for the rule(s) added/updated in this MR:
  • owasp: with both 2017 and 2021 mappings
  • shortDescription: e.g: "Use of a broken or risky cryptographic algorithm NOT "Use of a Broken or Risky Cryptographic Algorithm"
  • security-severity: one of Info, Low, Medium, High or Critical
  • pattern: use multi-line patterns (with |) only when the actual search patterns spans more than a single line
• The message contains a secure code example and no insecure ones.
• The rule is placed in the correct rules/ subfolder based on its license, refering to the internal guidance.
• Relevant labels including workflow labels are appropriately selected.
• The MR is freshly rebased with main.