Android support for Dependency Scanning
### Release notes
### Problem to solve
GitLab Dependency Scanning supports Java Gradle projects but Android projects aren't supported because:
- The Android SDK isn't installed in the gemnasium-maven image used for the scan.
- There's no documentation on how to set up Dependency Scanning for Android projects.
- The possible workaround is coupled to implementation details of gemnasium-maven.
### Intended users
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#cameron-compliance-manager)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)
### User experience goal
A [CI/CD template](https://docs.gitlab.com/ee/development/cicd/templates.html) is available. The user includes the template in their CI configuration, fills-out any required inputs (if any).
When a CI pipeline runs, the template includes the job(s) necessary to generate a [CDX SBOM](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#cyclonedx-software-bill-of-materials) which is then ingested by GitLab.
The identified components display in the existing user interfaces. [Continuous vulnerability scanning](https://docs.gitlab.com/ee/user/application_security/continuous_vulnerability_scanning/) is performed on said components.
### Proposal
The CI/CD template uses an upstream tool to generate the SBOM.
We may need to enrich the generated report with properties from the [GitLab CycloneDX taxonomy](https://docs.gitlab.com/ee/development/sec/cyclonedx_property_taxonomy.html) before it can be used in GitLab features.
### Further details
- Previous proposal based on CI templates: https://gitlab.com/gitlab-org/gitlab/-/issues/336866#proposal.
### Permissions and Security
No change
### Documentation
To be documented in [Supported languages and package managers](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#supported-languages-and-package-managers)
### Availability & Testing
### Available Tier
~"GitLab Ultimate"
### What does success look like, and how can we measure that?
### What is the type of buyer?
### Is this a cross-stage feature?
No
### Links / references
/cc @johncrowley
epic