
Sonarqube integration #2938

Merged
merged 8 commits into from
Sep 4, 2023

Conversation

pazone (Contributor) commented Aug 31, 2023

What is the problem this PR solves?

Enables sonarqube code scanning and coverage reports.

Sonar project for fleet-server is already created.

This configuration provides:

Pull request analysis: Analyzes newly added code for a particular pull request.
SonarQube automatically adds a comment with digest information. If no Java files were changed in a pull request, we will see "No coverage/duplication information" labels.

Branch analysis: Runs on branches like main and analyzes the entire codebase. Associates received code coverage with the branch.

Sonarqube requires a quality profile.

The quality profile is configured on the Sonarqube side.

Questions to the team:

  • What is the desired code coverage for the project?
  • Minimal code coverage for pull request? (SonarQube has a separate measure for newly added/changed code)

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Related issues

@pazone pazone added the enhancement New feature or request label Aug 31, 2023
@pazone pazone requested a review from a team as a code owner August 31, 2023 15:12
elasticmachine (Contributor) commented Aug 31, 2023

💚 Build Succeeded


Build stats

  • Start Time: 2023-09-04T14:40:14.767+0000
  • Duration: 35 min 30 sec

Test stats 🧪

  • Failed: 0
  • Passed: 815
  • Skipped: 1
  • Total: 816

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments


To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

jlind23 (Contributor) commented Sep 1, 2023

@pazone our buildkite build seems to be failing due to:
2023-08-31 15:13:34 FATAL Failed to upload and process pipeline: Pipeline upload rejected: Detected dependency cycle: :sonarqube: Continuous Code Inspection → :sonarqube: Continuous Code Inspection

If by any chance that rings a bell on your end.

github-advanced-security commented

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@pazone pazone force-pushed the sonarqube branch 2 times, most recently from c779335 to 5dc099f Compare September 4, 2023 14:15
pazone (Contributor, Author) commented Sep 4, 2023

@jlind23 Do I understand correctly that now we don't need the Code coverage build stage made by Github Actions?
https://github.com/elastic/fleet-server/blob/main/.github/workflows/build.yml
And we also run the same unit tests in Jenkins on each PR: https://github.com/elastic/fleet-server/blob/main/.ci/Jenkinsfile#L75

I'd delete the Github Action workflow and the Jenkins step.
We run unit tests in BK and use sonarQube for coverage.

elastic-sonarqube commented

SonarQube Quality Gate

Quality Gate passed

  • Bugs: A (0 Bugs)
  • Vulnerabilities: A (0 Vulnerabilities)
  • Security Hotspots: A (0 Security Hotspots)
  • Code Smells: A (0 Code Smells)

  • No Coverage information
  • No Duplication information

mrodm (Contributor) left a comment

LGTM, just one doubt about when this new step needs to run.

Comment on lines +46 to +55
```yaml
- label: ":sonarqube: Continuous Code Inspection"
  env:
    VAULT_SONAR_TOKEN_PATH: "kv/ci-shared/platform-ingest/elastic/fleet-server/sonar-analyze-token"
  agents:
    image: "docker.elastic.co/cloud-ci/sonarqube/buildkite-scanner:latest"
  command:
    - "buildkite-agent artifact download build/coverage.out ."
    - "/scan-source-code.sh"
  depends_on:
    - "unit-test"
```
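Review bot: the `agents.image` line pulls `docker.elastic.co/cloud-ci/sonarqube/buildkite-scanner:latest` by a mutable tag, so this step is not reproducible and any change to the published image is picked up silently by every branch and PR build that runs it; pinning to a versioned tag or an image digest would fix both. The Sonar token is resolved from Vault through `VAULT_SONAR_TOKEN_PATH` rather than stored in the pipeline definition, which is the right pattern. Note also that `buildkite-agent artifact download build/coverage.out .` only succeeds if the `unit-test` step named in `depends_on` actually uploaded that artifact, so a unit-test job that exits without uploading will fail this step at the download rather than inside the scanner.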
Contributor

Should this be running in all branches and PRs or just PRs?

Contributor Author

All branches. We also need to analyse main.

@pazone pazone merged commit 8304bdc into main Sep 4, 2023
5 checks passed
@pazone pazone deleted the sonarqube branch September 4, 2023 15:46