ci: Add scan-build job in a new ‘analysis’ pipeline stage

Use Meson’s support for running scan-build (Clang’s static analyser)
against the build, so that we get static analysis of each pipeline. Add
it in a new pipeline stage, after code coverage, so that we don’t waste
resources on it unless the unit tests pass — a static analysis build
takes perhaps 10× as long as a normal GCC build.

https://mesonbuild.com/howtox.html#use-clang-static-analyzer

Currently, the static analysis results are uploaded as artifacts, but
the job will always succeed (regardless of whether there are any bugs
found in the analysis).

Currently, a large number of reports are outputted by the analyser,
which need to be fixed before we can gate the pipeline on it.
Furthermore, in order to get scan-build to exit with a non-zero status
if any bugs are found, we need to depend on Meson ≥ 0.49.0, which
contains the fix https://github.com/mesonbuild/meson/issues/4334,
allowing us to add the following to .gitlab-ci.yml:
```
variables:
  # Exit with a non-zero status if any bugs are found
  SCANBUILD: "scan-build --status-bugs"
```

Signed-off-by: Philip Withnall <withnall@endlessm.com>

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 stages:
   - build
   - coverage
+  - analysis
   - deploy
 
 cache:
@@ -239,6 +240,29 @@ coverage:
     - bash -x ./.gitlab-ci/coverage-docker.sh
   coverage: '/^\s+lines\.+:\s+([\d.]+\%)\s+/'
 
+scan-build:
+  image: registry.gitlab.gnome.org/gnome/glib/fedora:v1
+  stage: analysis
+  except:
+    - tags
+  script:
+    - meson ${MESON_COMMON_OPTIONS}
+            --werror
+            --default-library=both
+            --prefix=$HOME/glib-installed
+            --libdir=lib
+            -Dsystemtap=true
+            -Ddtrace=true
+            -Dfam=true
+            -Dinstalled_tests=true
+            _build
+    - ninja -C _build scan-build
+  artifacts:
+    name: "glib-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
+    when: always
+    paths:
+      - "_build/meson-logs/scanbuild"
+
 pages:
   stage: deploy
   only: