Docs: Add overview of SAST rules and how they work

What does this MR do?

Adds a single page to answer questions like:

• What are SAST rules?
• Where do GitLab SAST rules come from?
• How do I interact with SAST rules?
• How do I report problems with SAST rules?
  • Note, sometimes (though not often) people have reported problems with our rules upstream!
• How are updates released?
• How do I know which rules are being used?
• How do I know what's changing?

Eventually this page should grow to include more links to other content, and should include some "headline changes" such as those in &10907, so that people can understand what's changing.

My goals were:

• Specifically:
  • Have a docs article we can point users to if they have questions why a finding was auto-resolved, for use in Link to more context (like the sast-rules chang... (#417087 - closed). We are about to remove a larger number of rules and want to be sure that people can figure out what is happening as easily as possible.
• Generally:
  • Clarify when and how rule updates are released.
  • Clarify that GitLab produces the rules for the Semgrep-based analyzer.
  • Answer questions that I've been asked on customer calls about rules and how to manage them.

Related issues

Link to more context (like the sast-rules chang... (#417087 - closed)

Author's checklist

• Optional. Consider taking the GitLab Technical Writing Fundamentals course.
• Follow the:
  • Documentation process.
  • Documentation guidelines.
  • Style Guide.
• If you're adding or changing the main heading of the page (H1), ensure that the product tier badge is added.
• If you are a GitLab team member, request a review based on:
  • The documentation page's metadata.
  • The associated Technical Writer.

If you are a GitLab team member and only adding documentation, do not add any of the following labels:

• ~"frontend"
• ~"backend"
• ~"type::bug"
• ~"database"

These labels cause the MR to be added to code verification QA issues.

Reviewer's checklist

Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on Documentation Guidelines and the Style Guide.

If you aren't sure which tech writer to ask, use roulette or ask in the #docs Slack channel.

• If the content requires it, ensure the information is reviewed by a subject matter expert.
• Technical writer review items:
  • Ensure docs metadata is present and up-to-date.
  • Ensure the appropriate labels are added to this MR.
  • Ensure a release milestone is set.
  • If relevant to this MR, ensure content topic type principles are in use, including:
    • The headings should be something you'd do a Google search for. Instead of Default behavior, say something like Default behavior when you close an issue.
    • The headings (other than the page title) should be active. Instead of Configuring GDK, say something like Configure GDK.
    • Any task steps should be written as a numbered list.
    • If the content still needs to be edited for topic types, you can create a follow-up issue with the docs-technical-debt label.
• Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.