Remove unnecessary `rules` references from base secure jobs

`rules` is always overridden explicitly by child jobs, leading to
confusion over the appropriate point to override.

By removing `rules` entirely it is more clear but we can further
improve this by linking to the issue discussing improvements to rule
extendability.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/218444

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -28,11 +28,8 @@ dependency_scanning:
 .ds-analyzer:
   extends: dependency_scanning
   allow_failure: true
-  rules:
-    - if: $DEPENDENCY_SCANNING_DISABLED
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
   script:
     - /analyzer run
 

lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml

@@ -30,10 +30,8 @@ sast:
 .sast-analyzer:
   extends: sast
   allow_failure: true
-  rules:
-    - if: $SAST_DISABLED
-      when: never
-    - if: $CI_COMMIT_BRANCH
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
   script:
     - /analyzer run
 

lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml

@@ -14,6 +14,8 @@ variables:
   stage: test
   image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
   services: []
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
   artifacts:
     reports:
       secret_detection: gl-secret-detection-report.json