Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

Exclude unittests from SAST, since it raises for example vulnerability reports for using "assert". But that is needed for unittests.