This repository has been archived by the owner on Oct 15, 2023. It is now read-only.

Improve Code scanning #130

Open
FlorianHockmann opened this issue Mar 8, 2023 · 2 comments
@FlorianHockmann
Member

We already have automated code scanning in place for our Docker images. Unfortunately, the results aren't very helpful right now as it's not possible to distinguish between alerts for the different images. We get results for the 1.0, 0.6, and 0.5 images all together.
The 0.5 image of course leads to a lot of alerts as we haven't published a new release on that branch in a long time. (We will probably drop support for that image in general soon.)
This makes it hard to find alerts for the 0.6 and especially the 1.0 image where we usually shouldn't get many alerts right now, considering that most of our dependencies should be up-to-date there.

This code scanning should make it possible to view results for the different images independently of one another.
It would also be good if we could fix the check for PRs so that it only fails if the PR introduces any new problems. But we can also create a separate issue for that if solving it is more complex.
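One way to get per-image results out of GitHub code scanning, added here as an illustration and not taken from the janusgraph-docker repository: run one scan job per image version via a matrix and upload each SARIF file under its own `category`, so alerts for 1.0, 0.6 and 0.5 are tracked separately in the Security tab. The scanner (Trivy), the image tags, the build directories and the branch name are assumptions; the `category` input of `github/codeql-action/upload-sarif` and the `exit-code`, `format` and `output` inputs of `aquasecurity/trivy-action` are real.

```yaml
# Added example, not the project's own workflow. Assumes each image version
# builds from a directory named after its tag (1.0/, 0.6/, 0.5/) and that
# Trivy is the scanner; adjust both to the real layout.
name: Image scan

on:
  push:
    branches: [master]        # assumed default branch
  pull_request:
  schedule:
    - cron: "0 3 * * 1"       # weekly rescan so newly published CVEs surface without a commit

permissions:
  contents: read
  security-events: write      # required by upload-sarif

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false        # a noisy old image must not cancel the scans of the others
      matrix:
        version: ["1.0", "0.6", "0.5"]   # assumed image tags
    steps:
      - uses: actions/checkout@v3

      - name: Build image
        run: docker build -t janusgraph:${{ matrix.version }} ${{ matrix.version }}

      - name: Scan image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: janusgraph:${{ matrix.version }}
          format: sarif
          output: trivy-${{ matrix.version }}.sarif
          # Do not fail the job on findings here; the code scanning PR check
          # compares the PR against the same category on the base branch and
          # only flags alerts the PR introduces.
          exit-code: "0"

      - name: Upload results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: trivy-${{ matrix.version }}.sarif
          # One category per image: alerts are listed and filtered per image
          # instead of being merged into a single result set.
          category: image-${{ matrix.version }}
```

Keeping the scan step's exit code at zero and relying on the upload's category is what lets the PR check report only new alerts: an upload without a stable category is compared against whatever ran last, which is how the three images' results end up mixed together.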

@farodin91
Contributor

The easiest way I see would be to move the Docker build process into the main repo. It would also solve other issues, such as not automatically releasing with a release in the main repo, or the main complexity of maintaining multiple versions in one branch.

@FlorianHockmann
Member Author

I agree, moving the image into the main repo would really make our life easier. I've posted this on janusgraph-dev to get more visibility in case anyone has good reasons against that: https://lists.lfaidata.foundation/g/janusgraph-dev/message/1613
