Add scan duration check to Container Scanning template

What does this MR do?

This MR adds a scan duration check to the qa template for Container Scanning. It also adds a new variable SCAN_DURATION_MARGIN_PERCENT for flexibility in alerting on scan duration that exceeds MAX_SCAN_DURATION_SECONDS. This job allows more precise testing of scan duration by reading the start and end times of the report. And it allows testing to become more granular by allowing a test for each downstream project.

I added an example run to klar: https://gitlab.com/gitlab-org/security-products/analyzers/klar/-/pipelines/230218010 (see .gitlab-ci.yml)

The 3 new downstream jobs are only there for review in this MR (the branch will not be merged) showing:

• if MAX_SCAN_DURATION_SECONDS is not set (no job shown): https://gitlab.com/gitlab-org/security-products/tests/container-scanning/-/pipelines/230220014
• if MAX_SCAN_DURATION_SECONDS is exceeded: https://gitlab.com/gitlab-org/security-products/tests/container-scanning/-/jobs/913114869
• if MAX_SCAN_DURATION_SECONDS is not exceeded: https://gitlab.com/gitlab-org/security-products/tests/container-scanning/-/jobs/913114890

The analyzer branch points to the downstream branch for container-scanning which in turn points to this branch in ci-templates.

What are the relevant issue numbers?

gitlab-org/gitlab#196697 (closed)

Does this MR meet the acceptance criteria?

• Tests added for this feature/bug