Add depth limit when finding projects

Fabien Catteau requested to merge 292455-max-depth into master

What does this MR do?

Enforce max depth for directories being searched, and remove common/v2/search from dependencies.

This change makes it possible to remove common/v2/search and common/v2/command from the dependencies of gemnasium-python, to further that project with gemnasium. This is done in gemnasium-python!84 (merged).

Also, the behavior of the analyzer CLI is changed: by default it no longer scans dependency files having a depth of 3 or higher. This removes the discrepancy described in gitlab-org/gitlab#292455 (closed).

Please note that there's already a depth limit in the rules:exist of the scanning job, so this change makes a difference only when the scanned repo has multiple dependency files:

  • one supported file w/ a depth of 0, 1 or 2, which triggers the job
  • supported files w/ a depth of 3 or greater; these are now ignored

To maintain backward compatibility, the behavior is controlled via SEARCH_MAX_DEPTH. This environment variable defaults to 2, and it's ignored when set to -1. See original implementation in search/flags.go and walk/walk.go of the common library.

What are the relevant issue numbers?

gitlab-org/gitlab#292455 (closed)

Does this MR meet the acceptance criteria?

Edited by Fabien Catteau
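
The depth rule described above has a coverage consequence: a dependency file below the limit is not scanned. The following is an added example, not code from this merge request or from the common library, that partitions a repository's dependency files into scanned and ignored for a given SEARCH_MAX_DEPTH. The function names, the sample tree, and the definition of depth as the number of directories above the file are assumptions.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path"
	"strconv"
	"strings"
	"testing/fstest"
)

// maxDepthFromEnv reads SEARCH_MAX_DEPTH; unset means the default of 2, -1 means no limit.
func maxDepthFromEnv() (int, error) {
	v := os.Getenv("SEARCH_MAX_DEPTH")
	if v == "" {
		return 2, nil
	}
	return strconv.Atoi(v)
}

// splitByDepth lists supported dependency files as scanned or ignored under maxDepth.
func splitByDepth(fsys fs.FS, names map[string]bool, maxDepth int) (scanned, ignored []string, err error) {
	err = fs.WalkDir(fsys, ".", func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil || d.IsDir() || !names[path.Base(p)] {
			return walkErr
		}
		if maxDepth != -1 && strings.Count(p, "/") > maxDepth { // assumption: depth = directories above the file
			ignored = append(ignored, p)
		} else {
			scanned = append(scanned, p)
		}
		return nil
	})
	return scanned, ignored, err
}

// sampleRepo is a constructed layout with files at depth 0, 2 and 3.
func sampleRepo() fs.FS {
	return fstest.MapFS{"requirements.txt": {}, "services/api/requirements.txt": {}, "a/b/c/Pipfile.lock": {}}
}

func main() {
	limit, err := maxDepthFromEnv()
	if err != nil {
		panic(err)
	}
	scanned, ignored, _ := splitByDepth(sampleRepo(), map[string]bool{"requirements.txt": true, "Pipfile.lock": true}, limit)
	fmt.Println("scanned:", scanned, "ignored:", ignored)
}
```

Pointing splitByDepth at os.DirFS for a real checkout gives the list of files the default limit leaves out of the scan.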