Add jobs template for Secret Detection

Point Security/Secret-Detection.gitlab-ci.yml to newly added
Jobs/Secret-Detection.gitlab-ci.yml, which now contains the Secret
Detection template logic.
Changelog: changed

lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml

+# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection
+#
+# Configure secret detection with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
+# List of available variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables
+
+variables:
+  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
+  SECRETS_ANALYZER_VERSION: "3"
+  SECRET_DETECTION_EXCLUDED_PATHS: ""
+
+
+.secret-analyzer:
+  stage: test
+  image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
+  services: []
+  allow_failure: true
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
+  artifacts:
+    reports:
+      secret_detection: gl-secret-detection-report.json
+
+secret_detection_default_branch:
+  extends: .secret-analyzer
+  rules:
+    - if: $SECRET_DETECTION_DISABLED
+      when: never
+    - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH
+  script:
+    - /analyzer run
+
+secret_detection:
+  extends: .secret-analyzer
+  rules:
+    - if: $SECRET_DETECTION_DISABLED
+      when: never
+    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
+  script:
+    - if [[ $CI_COMMIT_TAG ]]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi
+    - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME
+    - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt
+    - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt
+    - /analyzer run
+    - rm "$CI_COMMIT_SHA"_commit_list.txt

lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml

-# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/secret_detection
-#
-# Configure secret detection with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
-# List of available variables: https://docs.gitlab.com/ee/user/application_security/secret_detection/#available-variables
+# This template moved to Jobs/Secret-Detection.gitlab-ci.yml in GitLab 14.0
+# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
 
-variables:
-  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
-  SECRETS_ANALYZER_VERSION: "3"
-  SECRET_DETECTION_EXCLUDED_PATHS: ""
-
-
-.secret-analyzer:
-  stage: test
-  image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
-  services: []
-  allow_failure: true
-  # `rules` must be overridden explicitly by each child job
-  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
-  artifacts:
-    reports:
-      secret_detection: gl-secret-detection-report.json
-
-secret_detection_default_branch:
-  extends: .secret-analyzer
-  rules:
-    - if: $SECRET_DETECTION_DISABLED
-      when: never
-    - if: $CI_DEFAULT_BRANCH == $CI_COMMIT_BRANCH
-  script:
-    - /analyzer run
-
-secret_detection:
-  extends: .secret-analyzer
-  rules:
-    - if: $SECRET_DETECTION_DISABLED
-      when: never
-    - if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
-  script:
-    - if [[ $CI_COMMIT_TAG ]]; then echo "Skipping Secret Detection for tags. No code changes have occurred."; exit 0; fi
-    - git fetch origin $CI_DEFAULT_BRANCH $CI_COMMIT_REF_NAME
-    - git log --left-right --cherry-pick --pretty=format:"%H" refs/remotes/origin/$CI_DEFAULT_BRANCH...refs/remotes/origin/$CI_COMMIT_REF_NAME > "$CI_COMMIT_SHA"_commit_list.txt
-    - export SECRET_DETECTION_COMMITS_FILE="$CI_COMMIT_SHA"_commit_list.txt
-    - /analyzer run
-    - rm "$CI_COMMIT_SHA"_commit_list.txt
+include:
+  template: Jobs/Secret-Detection.gitlab-ci.yml