DOPS-2746 Add sonar, dojo

[C4tWithShell]

1. Set up sonar
2. Set up dojo
3. Fixed problem with coverage, change to lcov format

[Alexey-N-Chernyshov]

1. I don't have an access to Sonar, please ensure that developers can access it.
2. I was assured that DefectDojo has been already enabled: https://defectdojo.tachi.soramitsu.co.jp/product/90. At least there is the report. And I don't understand the process of Defect Dojo. We have a bunch of findings and it seems that they are ignored. I don't know who is responsible for this tool. And please, check that developers are granted an access.

Update: I got access to SonarQube.

[Alexey-N-Chernyshov]

1. I see the flag is set in SonarQube but I don't see any summary report on gh.

2. WARN: sonar.plugins.downloadOnlyRequired is false, so ALL available plugins will be downloaded Downloading, installing and running all the plugins for SonarQube takes time, we can enable only that we need.

3. target dir is analyzed, but should be ignored. Probably it is fixed in https://github.com/soramitsu/jenkins-library/pull/568 for SonarQube. The same issue for DefectDojo.

[C4tWithShell]

1. I see the flag is set in SonarQube but I don't see any summary report on gh.
2. WARN: sonar.plugins.downloadOnlyRequired is false, so ALL available plugins will be downloaded Downloading, installing and running all the plugins for SonarQube takes time, we can enable only that we need.
3. target dir is analyzed, but should be ignored. Probably it is fixed in Update sonar.groovy - do not scan target soramitsu/jenkins-library#568 for SonarQube. The same issue for DefectDojo.

1. Yes, there was an error within validation process. I fixed it
2. It's a new feature, we enabled it
3. Excluded

[Alexey-N-Chernyshov]

Sonar stage in Jenkins passed while it failed actually. I see errors in Jenkins logs and a new report is missing in SonarQube. Please, make sure Sonar generates and uploads the report. I think Jenkins should fail the job in case of failure, so we can discover the problem.