Add default semgrep ci template file

(still needs more work)

Bug: T297991
1 job for main in 48 seconds (queued for 4 seconds)