Enable Coverity static analysis with CI pipeline

Run Coverity on the master branch after a merge request is merged. (Due to the need for Coverity credentials which are owned by the libtiff repository as secrets, it's not possible to run for every merge request; additionally, the Coverity workflow does not tie the analysis to branches or commits.)

Use the new container images (https://gitlab.com/libtiff/libtiff-ci-ubuntu20.04 and https://gitlab.com/libtiff/libtiff-ci-ubuntu20.04-coverity) for builds and the coverity scan, respectively. Package installation in before-script: is now removed since all the packages are installed in the container image. You should be able to open a MR against the new repos to adjust the Dockerfile to add or remove packages.

Also note the badge on the main page (https://gitlab.com/libtiff/libtiff). Currently lists 30 new problems since the last scan, but this was some time ago (2017). It should settle down once we start acting on the problems it reports. Just click on the badge to go to the full report. If there are visibility problems, I think we could relax what the Coverity website shows to the public without a login. But if anyone wants to sign up and join the tiff project there, you could log in directly.