By default, container scanning assumes that the image naming convention
stores any branch-specific identifiers in the image tag rather than the
image name. Auto DevOps will use a default naming convention of
`$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA`, where the ref
slug typically refers to the branch name. This means that
vulnerabilities are not correctly correlated across branches. This
change adds `CS_DEFAULT_BRANCH_IMAGE` to the Auto DevOps template, which
allows images built with the default values to be correctly correlated
across branches. If the default values are changed, then
`CS_DEFAULT_BRANCH_IMAGE` will need to be changed as well.

Changelog: added