Commit 2cfb1194 authored by Yassine BAZIZ, committed by Pierre Smeyers

fix(sonar): fix SonarQube API call on tag analysis

- also add SonarQube Vulnerability Report integration documentation
parent ac1c986e
+10 −0
@@ -142,6 +142,16 @@ The job is bound to the `test` stage and uses the following variables:
| `sonar-base-args` / `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/analysis-parameters/) | `sonar -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues` |
| `sonar-quality-gate-enabled` / `SONAR_QUALITY_GATE_ENABLED` | Set to `true` to enable SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/quality-standards-administration/managing-quality-gates/introduction/) verification.<br/>_Uses `sonar.qualitygate.wait` parameter ([see doc](https://docs.sonarsource.com/sonarqube-server/analyzing-source-code/ci-integration/overview/#quality-gate-fails))._ | _none_ (disabled) |

**Output artifacts:**

When the SonarQube [Quality Gate](https://docs.sonarsource.com/sonarqube-server/latest/quality-standards-administration/managing-quality-gates/introduction/) is enabled (using `sonar-quality-gate-enabled` / `SONAR_QUALITY_GATE_ENABLED`), this job produces a GitLab SAST report `gradle-sonar.gitlab-sast.json`, generated from SonarQube as part of the [Vulnerability Reporting integration](https://docs.sonarsource.com/sonarqube-server/devops-platform-integration/gitlab-integration/setting-up-at-project-level#reporting-vulnerabilities), containing the detected security findings. Artifacts are retained for one day and are downloadable only by users with the Developer role or higher in GitLab.

The following reports are generated:

| Report         | Format                                                                       | Usage             |
| -------------- | ---------------------------------------------------------------------------- | ----------------- |
| `$GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json` | [Gitlab SAST](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/src/sast-report-format.json?ref_type=heads) report | [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportssast) |

### Dependency-check

The Gradle template features a job `gradle-dependency-check` that performs a manual [Dependency-Check](https://jeremylong.github.io/DependencyCheck) analysis.
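Review bot: the report path documented in the table, `$GRADLE_PROJECT_DIR/reports/gradle-sonar.gitlab-sast.json`, only matches the file the job script actually writes (`./reports/gradle-sonar.gitlab-sast.json`) if the script runs from `$GRADLE_PROJECT_DIR`; confirm the two resolve to the same location, otherwise the artifact is exported from a directory that does not contain the report and the SAST integration silently yields nothing. Two smaller points in the same hunk: "Gitlab SAST" in the Format column should read "GitLab SAST", and the Quality Gate link in the new "Output artifacts" paragraph uses a `/latest/` path segment that the same link in the table row above omits; use one form for both.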
+8 −8
@@ -593,19 +593,19 @@ gradle-sonar:
    - |
      if [[ "$SONAR_QUALITY_GATE_ENABLED" == "true" ]]
      then
        log_info "Return a list of vulnerabilities according to the GitLab SAST JSON format, based on SonarQube issues for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..."
        log_info "Retrieve GitLab SAST report from SonarQube for project \\e[33;1m${SONAR_PROJECT_KEY}\\e[0m..."
        mkdir -p ./reports
        sonar_api_params="projectKey=${SONAR_PROJECT_KEY}"
        if [ -z "${CI_MERGE_REQUEST_IID}" ]; then
          sonar_api_params="${sonar_api_params}&branch=${CI_COMMIT_BRANCH}"
        sonar_api_params="projectKey=$SONAR_PROJECT_KEY"
        if [ "${CI_MERGE_REQUEST_IID}" ]; then
          sonar_api_params="${sonar_api_params}&pullRequest=$CI_MERGE_REQUEST_IID"
        else
          sonar_api_params="${sonar_api_params}&pullRequest=${CI_MERGE_REQUEST_IID}"
          sonar_api_params="${sonar_api_params}&branch=$CI_COMMIT_REF_NAME"
        fi
        curl -u "${SONAR_TOKEN}:" "${SONAR_HOST_URL}/api/issues/gitlab_sast_export?${sonar_api_params}" -o ./reports/gradle-sonar.gitlab-sast.json # gitleaks:allow
      else
        log_info "SONAR_QUALITY_GATE_ENABLED is not set to true — skipping GitLab SAST export and report generation"
        log_info "ℹ️ If you wish to retrieve GitLab SAST report from SonarQube, please set SONAR_QUALITY_GATE_ENABLED to true"
      fi
      exit $exit_code
      - exit $exit_code
  artifacts:
    name: "SonarQube analysis reports for Gradle from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
    expire_in: 1 day
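Review bot: the `curl` call to `/api/issues/gitlab_sast_export` has no `--fail` option and its exit status is never checked, so an authentication failure or a lookup error (for example a branch name SonarQube does not know) writes the error body into `./reports/gradle-sonar.gitlab-sast.json`, which is then uploaded as the SAST report while the job still exits with the SonarQube `$exit_code`; add `-sSf` (or `--fail-with-body` on curl 7.76+) and act on a non-zero status, or at least verify the file parses as JSON before it leaves the job. The query string is also built by plain concatenation, so a `$CI_COMMIT_REF_NAME` or `$SONAR_PROJECT_KEY` containing `#`, `&` or `+` truncates or alters the request; prefer `curl -G --data-urlencode "projectKey=$SONAR_PROJECT_KEY" --data-urlencode "branch=$CI_COMMIT_REF_NAME"` over `sonar_api_params="${sonar_api_params}&branch=$CI_COMMIT_REF_NAME"`. The switch from `$CI_COMMIT_BRANCH` (empty in tag pipelines) to `$CI_COMMIT_REF_NAME` is what makes the tag case work, but the export only finds results if the preceding analysis registered the tag under the same name as its `sonar.branch.name`; that part of the job is outside this hunk, so it is worth a check rather than an assumption.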