This repository was archived by the owner on Apr 20, 2023. It is now read-only.

[New] Security build for CLI #7296

Merged
livarcocc merged 6 commits into dotnet:master from ravimeda:security
Aug 1, 2017
Conversation

@ravimeda
Member

Starting a fresh PR since the earlier one (#7076) has run into rebase-merge conflicts, leading to a lot of noise. All comments from that PR have been addressed.

The approach for the CLI security build is:

  1. Download official build packages (*.zip) from dotnetcli/Sdk/<branch>
  2. Extract the packages
  3. Run BinSkim and APIScan on all assemblies and executables in sdk folder
  4. Checkout the sources at the SHA listed in latest.version file
  5. Run CredScan and PoliCheck on the sources

VSTS build definition is at https://devdiv.visualstudio.com/DevDiv/_build/index?context=allDefinitions&path=%5CDotNet%5CSecurity&definitionId=6698&_a=completed

This invokes the build whose JSON is shown in this PR.

How to launch a security build is described at https://github.com/dotnet/core-eng/blob/master/Documentation/Project-Docs/security-builds.md

Running this build produced the following report - http://aztsa/api/Result/CodeBase/DotNet-CLI-Trusted_master/Summary

There are around 180 issues to triage -
https://msazure.visualstudio.com/DefaultCollection/One/_workitems?tempQueryId=740da6e8-15ce-4912-b983-2cf87ed6a530

@livarcocc please review.

Post merge I will log an issue to read latest build from https://dotnetcli.blob.core.windows.net/dotnet/Sdk/master/latest.version

@livarcocc livarcocc merged commit fdedfe9 into dotnet:master Aug 1, 2017