
Uncompress vulnerability databases at runtime for fips images

What does this MR do?

Support for uncompressing the trivy and grype vulnerability databases at runtime was added in Uncompress vulnerability databases at runtime (!2868 - merged); however, we forgot to add support for the trivy:6-fips and grype:6-fips images, which this MR addresses.

What are the relevant issue numbers?

Container Scanning v6.1.0 FIPS images are broken (gitlab-org/gitlab#415288 - closed)

Testing

We can't trust the automated tests because of this issue: Investigate missing test coverage in Container ... (gitlab-org/gitlab#415283); however, testing manually shows that the new fips images work as expected:

$ docker run -it --rm -e CS_IMAGE=alpine:3.7 registry.gitlab.com/gitlab-org/security-products/analyzers/container-scanning/tmp/trivy:4a3eb1f4ee04ae01232aa2284df25d186cf0ad89-fips

[DEBUG] [2023-06-14 07:13:26 +0000] [container-scanning]  >
section_end:1686726806:trivy_image___vuln_type_os___no_progress___offline_scan___skip_update___security_checks_vuln___format_template___template___home_gitlab__local_share_gem_ruby_g

+------------+-------------------------+--------------+-----------------+------------------------------------------------------------------------+
|   STATUS   |      CVE SEVERITY       | PACKAGE NAME | PACKAGE VERSION |                            CVE DESCRIPTION                             |
+------------+-------------------------+--------------+-----------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-14697 |     musl     |    1.1.18-r3    | musl libc through 1.1.23 has an x87 floating-point stack adjustment im |
|            |                         |              |                 | balance, related to the math/i386/ directory. In some cases, use of th |
|            |                         |              |                 | is library could introduce out-of-bounds writes that are not present i |
|            |                         |              |                 |                    n an application's source code.                     |
+------------+-------------------------+--------------+-----------------+------------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-14697 |  musl-utils  |    1.1.18-r3    | musl libc through 1.1.23 has an x87 floating-point stack adjustment im |
|            |                         |              |                 | balance, related to the math/i386/ directory. In some cases, use of th |
|            |                         |              |                 | is library could introduce out-of-bounds writes that are not present i |
|            |                         |              |                 |                    n an application's source code.                     |
+------------+-------------------------+--------------+-----------------+------------------------------------------------------------------------+

$ echo $?

0

Does this MR meet the acceptance criteria?

Edited by Adam Cohen
