Ignored Sonar tag-plus-digest Docker warnings (#27220)

Preferring renovates default behaviour and squashing the 
maintainability warning from Sonar, as having renovate able
to maintain these updates for us without noise is better/more
maintainable for us in the long run.

Author: ErisDS

sonar-project.properties

@@ -0,0 +1,15 @@
+# Ignore SonarCloud rule docker:S8431 ("Use either the version tag or the
+# digest for the image instead of both") for all Dockerfiles.
+#
+# Renovate's default behaviour when pinning Docker images is to keep the
+# human-readable tag and append the immutable digest, producing refs of
+# the form `image:tag@sha256:...`. This is the format documented by
+# Renovate and is what `pinDigest` updates produce out of the box.
+#
+# SonarCloud's docker:S8431 rule flags that format as a maintainability
+# warning. As it's pure maintainability, we want to prefer renovate's 
+# default behavour to keep automerging working, which is actually more 
+# maintainable for us.
+sonar.issue.ignore.multicriteria=e1
+sonar.issue.ignore.multicriteria.e1.ruleKey=docker:S8431
+sonar.issue.ignore.multicriteria.e1.resourceKey=**/Dockerfile*