Add support for specifying environment variables for Policy Action

Why are we doing this work

In Security Policies we want to be able to specify additional environment variables in actions, so pipeline will be extended with these values. This will help creators of the policy to enforce behavior specified for selected variables, like SAST_EXCLUDED_ANALYZERS for SAST scanner.

Relevant links

Epic

Non-functional requirements

Documentation: extend documentation with information about variables field for policy
[-] Feature flag:
[-] Performance:
Testing:

Implementation plan

backend extend ee/app/validators/json_schemas/security_orchestration_policy.json with schema for actions[].variables,
backend extend scan_variables method in ee/app/services/security/security_orchestration_policies/create_pipeline_service.rb to read variables from action,
backend extend scan_variables method in ee/app/services/security/security_orchestration_policies/scan_pipeline_service.rb to read variables from action,

Edited Dec 07, 2021 by Alan (Maciej) Paruszewski