Black Duck integration and CI/SonarQube updates

[nikhil2611]

Description

This pull request introduces a new GitHub Actions workflow stub for CI on pull requests to the main branch and adds a SonarQube configuration file tailored for Ruby projects. These changes help standardize and automate CI processes and enable static code analysis with SonarQube.

Continuous Integration Workflow Enhancements:

• Added .github/workflows/ci-main-pull-request-stub.yml as a reusable workflow stub that calls a centralized CI pipeline, with configurable inputs for language, versioning, security scans, and packaging options. This supports consistent CI checks and security scans across main, develop, and release branches.

Static Code Analysis Integration:

• Updated sonar-project.properties to configure SonarQube analysis for Ruby projects, specifying project metadata, source and test directories, language settings, and exclusions for C-family languages. This facilitates automated code quality and security checks through SonarQube.

Check List

• New functionality includes tests
• All tests pass
• All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco
• PR title is a worthy inclusion in the CHANGELOG

[sonarqube-for-infrastructure-prod]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube