Allow pip version to be configured in Dependency Scanning

Problem to solve

Allow installing a custom version of pip to fulfill specific needs.

Intended users

  • Persona: DevOps Engineer
  • Persona: Software developer

Proposal

  • Add a DS_PIP_VERSION variable to our vendored template so it is passed down to the analyzers.
  • Leverage this variable in the gemnasium-python analyzer to install a custom version of pip.
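
One way the analyzer side could consume the variable, as an added example (not the gemnasium-python analyzer's code): validate DS_PIP_VERSION before it reaches the pip command line, so the CI variable can only select a version and never add options, URLs or extra requirements. The function names and the accepted version grammar are assumptions.

```shell
#!/bin/sh
# Added example; DS_PIP_VERSION is the variable named in the proposal,
# pip_requirement and install_custom_pip are hypothetical helper names.

# Print "pip==<version>" for an acceptable version, else return non-zero.
# Accepts a conservative subset of PEP 440: dotted digits, an optional
# a/b/rc pre-release, and optional .postN / .devN suffixes.
pip_requirement() {
  version=$1
  # First pass: reject empty input and any character outside the expected
  # alphabet. This also rejects embedded newlines, which the line-based
  # grep check below would otherwise evaluate one line at a time.
  case $version in
    ''|*[!0-9a-z.]*) return 1 ;;
  esac
  # Second pass: enforce the actual version shape.
  printf '%s\n' "$version" |
    grep -Eq '^[0-9]+(\.[0-9]+)*((a|b|rc)[0-9]+)?(\.post[0-9]+)?(\.dev[0-9]+)?$' ||
    return 1
  printf 'pip==%s\n' "$version"
}

# Install the requested pip only when the variable is set. An invalid value
# fails the job instead of silently keeping the image's default pip.
install_custom_pip() {
  [ -n "${DS_PIP_VERSION:-}" ] || return 0   # unset: keep the bundled pip
  req=$(pip_requirement "$DS_PIP_VERSION") || {
    echo "DS_PIP_VERSION is not a plain pip version; refusing to install" >&2
    return 1
  }
  # The requirement is passed as one quoted argument beginning with "pip==",
  # so it cannot be parsed as an option or split into several arguments.
  python3 -m pip install "$req"
}
```

Calling `install_custom_pip` before dependency resolution is the intended use; with the variable unset it is a no-op.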

Permissions and Security

Documentation

  • Add this variable to the [dependency scanning documentation](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/index.html#available-variables). We probably need to specify that only the gemnasium-python analyzer supports this option.

Testing

  • Find relevant test projects and make sure pipelines pass.

What does success look like, and how can we measure that?

Customers can use a specific version of pip.

What is the type of buyer?

GitLab Ultimate

Links / references

Product

  • Release Notes
Edited Jan 09, 2020 by Nicole Schwartz