[WIP] Scan with Coverity

[cgzones]

This is an attempt to revive Coverity Scan.

Please do not merge but instead push to the branch coverity_scan and replace the secure token with a value from
https://scan.coverity.com/projects/selinuxproject-selinux/builds/new?tab=travis_ci -> Example

[evverx]

@fishilico could you add a secret named COVERITY_SCAN_TOKEN to the repository? I'll try to add an action sending data to Coverity daily by analogy with util-linux/util-linux#1491.

[evverx]

In the meantime, I think another option would be to set up codeql. I kind of integrated it into my fork in evverx#1 and it seems to be working

I'll try to polish it a bit and open a PR here

The downside is that all the alerts are hidden in the security tab of repositories, which makes it hard to keep track of reports in one place for external contributors. On the other hand, once codeql ends up in forks they are visible there too. PRs also get analyzed