Set CS_IGNORE_UNFIXED for container scanning jobs

Buried in the GitLab docs is information about the CS_IGNORE_UNFIXED CI variable. Setting this to true will stop container scanning warning about vulnerabilities for which there is currently no known fix and so which are completel unactionable. The vast majority of our container scanning vulnerabilities fall into this camp which is why we've not really dealt with them.

By setting CS_ISGNORE_UNFIXED we will hopefully start to see some reduction in container scanning noise.