Make ruleset verifiable by including manifest file

What does this MR do?

This MR adds the logic to compare the manifest.json that is now added to every sast-rules release. It compares the entries of the manifest file against the rule files that are active during the scan and reports differences. The issue "Add a test or review step that explicitly check..." (gitlab-org/gitlab#463607) provides more detailed documentation of the general approach.

What are the relevant issue numbers?

Add a test or review step that explicitly check... (gitlab-org/gitlab#463607 - closed) • Julian Thome • 17.3 • On track

Does this MR meet the acceptance criteria?

Edited by Julian Thome
