Build Docker image for use in CI
This is the first step towards preventing Pajamas adoption regressions in the main GitLab repository.
It adds a CI job to the `main` branch to build a Docker image containing our Pajamas adoption Semgrep rules, and Semgrep itself.
When run, it generates a GitLab Code Quality report from its findings, such that they can be displayed both in the Code Quality merge request widget and inline in diffs in merge requests (which is certainly the more useful of the two).
In this iteration, it's expected that `allow_failure: true` will be set on the corresponding job definition in the GitLab repository.
Future iterations will not allow failures, so that merge requests which introduce adoption regressions can be blocked.
Part of https://gitlab.com/gitlab-com/gitlab-OKRs/-/work_items/5345.
Links
- Here's a successful build of the image in this MR on a test iteration.
- Here's an example of the image being used in a GitLab clone: markrian/gitlab-shallow!1 (closed) (job)
- Here's the job definition in that clone. It's in a simplified version of GitLab's CI pipeline, but at least shows how the image is supposed to be used.
Review/run this locally
- Copy the `pages in mr` job URL (must have succeeded)
- Run `bin/review-mr.sh <job url>`
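
The description above says the image turns Semgrep findings into a GitLab Code Quality report. The following sketch of that conversion is an added example, not code from this merge request or the project. It assumes Semgrep's `--json` output as input; the severity mapping, the fingerprint scheme, the rule id and the file paths are assumptions made for illustration.

```python
import hashlib
import json

# Assumed mapping from Semgrep severities to Code Quality severities.
SEVERITY = {"INFO": "info", "WARNING": "minor", "ERROR": "major"}


def to_code_quality(semgrep_json: str) -> list[dict]:
    """Convert `semgrep --json` output into GitLab Code Quality entries."""
    seen: dict[str, int] = {}
    report = []
    for r in json.loads(semgrep_json).get("results", []):
        extra = r.get("extra", {})
        path = r["path"].removeprefix("./")  # report paths relative to the repo root
        # Hash rule, file and matched text (not the line number) so the
        # fingerprint survives unrelated edits that only shift the finding.
        base = "\0".join([r["check_id"], path, extra.get("lines", "").strip()])
        # Number identical matches in one file so fingerprints stay unique.
        n = seen[base] = seen.get(base, 0) + 1
        report.append({
            "description": extra.get("message", r["check_id"]),
            "check_name": r["check_id"],
            "fingerprint": hashlib.sha256(f"{base}\0{n}".encode()).hexdigest(),
            "severity": SEVERITY.get(extra.get("severity", ""), "info"),
            "location": {"path": path, "lines": {"begin": r["start"]["line"]}},
        })
    return report


# Constructed sample input; the rule id and paths are hypothetical.
SAMPLE = json.dumps({"results": [
    {"check_id": "pajamas.example-rule", "path": "./app/a.vue",
     "start": {"line": 3},
     "extra": {"message": "Use the Pajamas component",
               "severity": "WARNING", "lines": "<old-button />"}},
    {"check_id": "pajamas.example-rule", "path": "./app/a.vue",
     "start": {"line": 9},
     "extra": {"message": "Use the Pajamas component",
               "severity": "WARNING", "lines": "<old-button />"}},
]})

if __name__ == "__main__":
    print(json.dumps(to_code_quality(SAMPLE), indent=2))
```

Because the fingerprint ignores line numbers, a finding that merely moves within a file is not reported as new in the merge request widget, which matters once the job stops allowing failures.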