Add basic CI/CD functionality

This MR adds a basic CD/CD pipeline, which validates the top-level pipeline.cwl workflow with an example input.

.gitlab-ci.yml

-default:
-  image: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
-
 workflow:
   rules:
     # Do not create (detached) pipelines on merge request events
@@ -17,12 +14,26 @@ include:
   - template: Security/Dependency-Scanning.gitlab-ci.yml
   - template: Security/Secret-Detection.gitlab-ci.yml
 
-# Prepare image to run ci on
-trigger_prepare:
+build_ci_runner_image:
   stage: prepare
-  trigger:
-    strategy: depend
-    include: .prepare.gitlab-ci.yml
+  image: docker
+  tags:
+    - dind
+  script:
+    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - |
+      if docker pull $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG; then
+        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
+      else
+        docker pull $CI_REGISTRY_IMAGE/ci-build-runner:latest || true
+        docker build --cache-from $CI_REGISTRY_IMAGE/ci-build-runner:latest --tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG docker/ci-runner
+      fi
+    - docker push $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG  # push the image
+    - |
+      if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+        docker image tag $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG $CI_REGISTRY_IMAGE/ci-build-runner:latest
+        docker push $CI_REGISTRY_IMAGE/ci-build-runner:latest
+      fi
 
 sast:
   variables:
@@ -33,7 +44,7 @@ sast:
 # Validate the top-level workflow(s) and their input(s)
 validate:
   stage: test
-  needs: ["trigger_prepare"]
+  image: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
   script:
     - echo $CI_REGISTRY_IMAGE
     - echo $CI_COMMIT_REF_SLUG