build: include semgrep in final docker image #1079

Merged
merged 6 commits into from
May 15, 2025

Conversation

art1f1c3R
Member

@art1f1c3R art1f1c3R commented May 14, 2025

Summary

Include the built-from-source Semgrep wheel stored in macaron-deps in the final Docker image for Macaron.

Description of changes

The minimal image macaron-deps that was created in #1073 (fixed in #1078) stores the Python .whl package for Semgrep, built from source in a new GitHub action. After now confirming the image has been published successfully, this PR now uses this image to include the built-from-source Semgrep wheel in the final Docker image for Macaron using multistage Docker builds.

There were some necessary changes to the Semgrep image made in this PR. The name of the .whl file must be maintained from the build inside the Docker container for pip to use it properly, so this was updated and changed.

Inside the final Docker build, Dockerfile.final, this wheel is now copied into the image and used to install Semgrep. Note that, since Semgrep is part of Macaron's Python dependencies, we uninstall the version that is installed by default into the image, which I have confirmed removes the binaries.

Checklist

  • I have reviewed the contribution guide.
  • My PR title and commits follow the Conventional Commits convention.
  • My commits include the "Signed-off-by" line.
  • I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
  • I have updated the relevant documentation, if applicable.
  • I have tested my changes and verified they work as expected.
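The filename requirement in the description above, as an added example that is not part of this PR or of Macaron's code: pip reads the distribution name, version and compatibility tags from a wheel's filename (PEP 427), so a wheel copied between build stages under a different name no longer installs. The function names, the sample filename and the minimal archive below are constructed for illustration.

```python
import io
import zipfile


def parse_wheel_filename(filename):
    """Split a wheel filename into its PEP 427 fields, or raise ValueError."""
    if not filename.endswith(".whl"):
        raise ValueError(f"{filename!r}: not a .whl file")
    parts = filename[:-len(".whl")].split("-")
    # name-version[-build]-python-abi-platform gives 5 or 6 dash-separated fields
    if len(parts) not in (5, 6) or not all(parts):
        raise ValueError(f"{filename!r}: not a valid wheel filename")
    if len(parts) == 6 and not parts[2][0].isdigit():
        raise ValueError(f"{filename!r}: build tag must start with a digit")
    python_tag, abi_tag, platform_tag = parts[-3:]
    return {"name": parts[0], "version": parts[1], "python": python_tag,
            "abi": abi_tag, "platform": platform_tag}


def check_wheel(filename, data):
    """Verify the filename agrees with the .dist-info directory in the archive."""
    fields = parse_wheel_filename(filename)
    expected = f"{fields['name']}-{fields['version']}.dist-info/".lower()
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        members = [m.lower() for m in archive.namelist()]
    if not any(m.startswith(expected) for m in members):
        raise ValueError(f"{filename!r}: no {expected} directory in archive")
    return fields


def build_sample_wheel(dist_info_dir):
    """Constructed stand-in for a real wheel: a zip holding only metadata files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(f"{dist_info_dir}/METADATA", "Metadata-Version: 2.1\n")
        archive.writestr(f"{dist_info_dir}/WHEEL", "Wheel-Version: 1.0\n")
    return buf.getvalue()


# Constructed sample values; the real Semgrep wheel's version and tags differ.
SAMPLE_NAME = "semgrep-0.0.0-py3-none-linux_x86_64.whl"
SAMPLE_DATA = build_sample_wheel("semgrep-0.0.0.dist-info")

if __name__ == "__main__":
    print(check_wheel(SAMPLE_NAME, SAMPLE_DATA))
    for renamed in ("semgrep.whl", "semgrep-9.9.9-py3-none-linux_x86_64.whl"):
        try:
            check_wheel(renamed, SAMPLE_DATA)
        except ValueError as err:
            print("rejected:", err)
```

A check of this kind can run in the build stage that produces the wheel, before the file is copied into the final image.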

Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label May 14, 2025
art1f1c3R added 5 commits May 15, 2025 11:11
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
…h fix

Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@art1f1c3R art1f1c3R marked this pull request as ready for review May 15, 2025 05:36
@art1f1c3R art1f1c3R merged commit 979b05b into main May 15, 2025
13 checks passed
3 participants