Create or curate recommended testing/example projects
## Background
Benchmarks and intentionally-vulnerable apps can be misleading or unrepresentative in many ways. However, many evaluators use them because their own projects don't have a known set of vulnerabilities in them. (Running a SAST tool against your own code may give you a sense of its false-positive rate as you read its findings, but it's hard to reason about its false-negative rate if you don't have a set of known vulnerabilities to assess against.)
## Goal
- Guide users to high-quality benchmarks so they can efficiently test how GitLab SAST performs.
- Explain known behavior and interpretive notes in advance so that we can clearly demonstrate that we:
- Know how our product performs.
- Aren't just reactively coming up with explanations or reasons for certain observed behavior.
- (Often we may know this context internally, but only sharing it after a customer request can make that less credible.)
## Proposal
Recommend 1 or 2 benchmark/testing codebases per language that users can test with. Document any "gotchas" with enabling scanning for those projects or interpreting the project's results.
epic