Auto-detect package.json when generating child pipeline
What is this
PoC showcasing autodetection of package.json files to create a child pipeline; relates to gitlab-org/gitlab#283955 (closed).
This project uses dynamic child pipelines to generate a child pipeline configuration with a secure job for each subdirectory that contains a package.json file.
The child pipeline can be viewed to see the security results. Once gitlab-org/gitlab#215725 (closed) is completed, report results should surface within the parent pipeline as well.
Problem to solve
In exploring gitlab-org/gitlab#198730 (closed), one of the current issues is that we rely on detecting one and only one project file. This is the case for dependency scanning, but it also affects SAST when we must determine a project's root.
The solution here is to create a child pipeline for each package.json file. Without this dynamic pipeline, we end up returning only the first detected package.json and treating the app1 directory as the full application to scan.
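As an added example (not this project's own generator), the following POSIX shell script shows how the parent job could discover every non-vendored package.json and emit a child pipeline configuration with one dependency scanning job per directory. Security/Dependency-Scanning.gitlab-ci.yml and gemnasium-dependency_scanning are the real template and job name; SCAN_DIR is a hypothetical variable naming the directory to scan, and how the job consumes it is outside this example.

```shell
#!/bin/sh
# Constructed example: discover every package.json in a source tree (skipping
# vendored copies under node_modules) and emit a child-pipeline YAML with one
# dependency-scanning job per directory, so that no single directory is
# silently treated as "the" application to scan.
# Usage: generate_child_pipeline <repo_root> > child-pipeline.yml

# Print the directories (relative to $1) holding a non-vendored package.json,
# one per line, sorted so the generated YAML is deterministic.
list_manifest_dirs() {
  root="${1:-.}"
  find "$root" -name package.json -not -path '*/node_modules/*' -print |
  while IFS= read -r manifest; do
    dir=$(dirname "$manifest")
    case "$dir" in
      "$root") echo "." ;;                 # manifest at the repository root
      *)       echo "${dir#"$root"/}" ;;
    esac
  done | sort
}

# Map a relative directory to a GitLab job name: letters, digits and '_' only.
job_name_for() {
  case "$1" in
    .) echo "ds_root" ;;
    *) printf 'ds_%s\n' "$1" | sed 's#[^A-Za-z0-9_]#_#g' ;;
  esac
}

# Emit the complete child pipeline configuration on stdout.
generate_child_pipeline() {
  root="${1:-.}"
  # The template defines gemnasium-dependency_scanning; each generated job
  # extends it. SCAN_DIR is a hypothetical variable (not a GitLab one) that
  # tells the job which directory it is responsible for.
  printf 'include:\n  - template: Security/Dependency-Scanning.gitlab-ci.yml\n'
  list_manifest_dirs "$root" | while IFS= read -r rel; do
    printf '\n%s:\n' "$(job_name_for "$rel")"
    printf '  extends: gemnasium-dependency_scanning\n'
    printf '  variables:\n    SCAN_DIR: "%s"\n' "$rel"
  done
}
```

In the parent pipeline, the job that runs this script saves child-pipeline.yml as an artifact and a trigger job includes that artifact, so every detected application gets its own scan.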