Add coverity CI step (#1919)

#### Reference Issues/PRs
<!--Example: Fixes #1234. See also #3456.-->

#### What does this implement or fix?
Add Coverity scan. The current implementation does not get PR comments
and does not block the build.
#### Any other comments?

#### Checklist

<details>
  <summary>
   Checklist for code changes...
  </summary>
 
- [ ] Have you updated the relevant docstrings, documentation and
copyright notice?
- [ ] Is this contribution tested against [all ArcticDB's
features](../docs/mkdocs/docs/technical/contributing.md)?
- [ ] Do all exceptions introduced raise appropriate [error
messages](https://docs.arcticdb.io/error_messages/)?
 - [ ] Are API changes highlighted in the PR description?
- [ ] Is the PR labelled as enhancement or bug so it appears in
autogenerated release notes?
</details>

<!--
Thanks for contributing a Pull Request to ArcticDB! Please ensure you
have taken a look at:
- ArcticDB's Code of Conduct:
https://github.com/man-group/ArcticDB/blob/master/CODE_OF_CONDUCT.md
- ArcticDB's Contribution Licensing:
https://github.com/man-group/ArcticDB/blob/master/docs/mkdocs/docs/technical/contributing.md#contribution-licensing
-->

---------

Co-authored-by: Vasil Pashov <[email protected]>

.github/workflows/static_analysis.yml

@@ -0,0 +1,70 @@
+---
+  name: Coverity Static Analysis
+  on: [pull_request, workflow_dispatch]
+
+  jobs:
+    polaris-scan:
+      name: Polaris Coverity Static Analysis
+      permissions:
+        packages: write
+      runs-on: ubuntu-22.04
+      env:
+        VCPKG_NUGET_USER: ${{secrets.VCPKG_NUGET_USER || github.repository_owner}}
+        VCPKG_NUGET_TOKEN: ${{secrets.VCPKG_NUGET_TOKEN || secrets.GITHUB_TOKEN}}
+      steps:
+        - name: Get number of CPU cores
+          uses: SimenB/[email protected]
+          id: cpu-cores
+
+        - name: Checkout Source
+          uses: actions/checkout@v4
+          with:
+            submodules: recursive
+            fetch-depth: 0
+
+        - name: Setup build dependencies
+          run: |
+            sudo apt-get update
+            sudo apt-get install -y gcc-10 g++-10 make mono-complete libkrb5-dev libsasl2-dev
+
+        - name: Setup VCPKG cache
+          run: |
+            . build_tooling/vcpkg_caching.sh
+            echo -e "VCPKG_BINARY_SOURCES=$VCPKG_BINARY_SOURCES
+            VCPKG_ROOT=$PLATFORM_VCPKG_ROOT" | tee -a $GITHUB_ENV
+
+        - name: Get CMake
+          uses: lukka/get-cmake@latest
+
+        - name: CMake configure
+          uses: lukka/[email protected]
+          env:
+            CC: "gcc-10"
+            CXX: "g++-10"
+          with:
+            cmakeListsTxtPath: ${{github.workspace}}/cpp/CMakeLists.txt
+            configurePreset: linux-release
+            configurePresetAdditionalArgs: "['-DVCPKG_INSTALL_OPTIONS=--clean-after-build', '-DCMAKE_C_COMPILER=gcc-10', '-DCMAKE_CXX_COMPILER=g++-10']"
+
+        - name: Copy Coverity config
+          run: cp ${{github.workspace}}/coverity.yaml ${{github.workspace}}/cpp/out/linux-release-build
+
+        - name: Polaris PR Scan
+          uses: synopsys-sig/[email protected]
+          with:
+            polaris_server_url: ${{ vars.POLARIS_SERVER_URL }}
+            polaris_access_token: ${{ secrets.POLARIS_ACCESS_TOKEN }}
+            polaris_application_name: "ArcticDB"
+            polaris_project_name: "ArcticDB-core"
+            polaris_assessment_types: "SAST"
+            polaris_prComment_enabled: true
+            polaris_waitForScan: true
+            coverity_build_command: make -j ${{ steps.cpu-cores.outputs.count }}
+            coverity_clean_command: make clean
+            github_token: ${{ secrets.POLARIS_GITHUB_TOKEN }}
+            project_directory: ${{github.workspace}}/cpp/out/linux-release-build
+            include_diagnostics: true
+            polaris_reports_sarif_create: true
+            polaris_reports_sarif_groupSCAIssues: true
+            polaris_upload_sarif_report: true
+            polaris_prComment_severities: "high,critical,medium,low"

coverity.yaml

@@ -0,0 +1,9 @@
+---
+capture:
+  languages:
+    include:
+     - c-family
+analyze:
+  aggressiveness-level: high
+  c-cpp-fnptr: true
+  c-cpp-virtual: true

cpp/arcticdb/CMakeLists.txt

@@ -1001,9 +1001,6 @@ if(${TEST})
                 GTest::gtest
                 GTest::gmock
                 Python::Python # + pybind11::pybind11 (transitively included) = pybind11::embed, but latter is sometimes not found...
-                curl
-                krb5support
-                k5crypto
                 util # TODO: find out where we lost the transitive link to it
                 )
         if(NOT APPLE)