Add basic CI/CD functionality

This MR adds a basic CD/CD pipeline, which validates the top-level pipeline.cwl workflow with an example input.

.gitlab-ci.yml

+default:
+  image: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
+
 workflow:
   rules:
     # Do not create (detached) pipelines on merge request events
@@ -14,26 +17,12 @@ include:
   - template: Security/Dependency-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
 
-build_ci_runner_image:
+# Prepare image to run ci on
+trigger_prepare:
   stage: prepare
-  image: docker
-  tags:
-    - dind
-  script:
-    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    - |
-      if docker pull $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG; then
-        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
-      else
-        docker pull $CI_REGISTRY_IMAGE/ci-build-runner:latest || true
-        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:latest --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
-      fi
-    - docker push $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG  # push the image
-    - |
-      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
-        docker image tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG $CI_REGISTRY_IMAGE/ci-build-runner:latest
-        docker push $CI_REGISTRY_IMAGE/ci-build-runner:latest
-      fi
+  trigger:
+    strategy: depend
+    include: .prepare.gitlab-ci.yml
 
 sast:
   variables:
@@ -44,7 +33,7 @@ sast:
 # Validate the top-level workflow(s) and their input(s)
 validate:
   stage: test
-  image: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
+  needs: ["trigger_prepare"]
   script:
     - echo $CI_REGISTRY_IMAGE
     - echo $CI_COMMIT_REF_SLUG