Docker volume for media files

[StefanFl]

When using Docker Compose, some users experienced problems with permissions of media files, including me. This is caused by the bind mount for the media folder. Docker volumes are the preferred way of managing persistent data in Docker, see https://docs.docker.com/storage/#good-use-cases-for-volumes, and make the application more independent from the infrastructure of the host.

This PR uses a docker volume to store files in the media folder. With this we get an out-of-the box working installation of DefectDojo with Docker Compose. There have been several documentation updates to make users aware they have to of the check the configuration for productive use and adjust it if required.

[valentijnscholten]

Thanks for the PR, maybe we can even simplify even more in the future so unit tests and integration tests can just be run from the dev 'profile'.

With the volumes in place and media upload working, should we lookat re-enabling some of the integration tests? Or stop ignoring any (javascript) errors related to those?

See https://github.com/valentijnscholten/django-DefectDojo/blob/9ca5309cf376123ad44ae18e7403cbab84f28919/tests/base_test_class.py#L249

[StefanFl]

Good idea @valentijnscholten, I will have a look at the integration tests, they should work properly now.

[madchap]

Cheers Stefan. Let us know if you're ready to merge this one, or if you want it to keep it open a while longer. To avoid a too hasty merge, you can put your PR in draft mode.

[StefanFl]

The failing unit test is not related to changes in this PR. Damien is working on it.

[valentijnscholten]

Can you take a look @damiencarol ?

2021-03-01T07:37:47.0674408Z �[36muwsgi_1         |�[0m ======================================================================
2021-03-01T07:37:47.0675649Z �[36muwsgi_1         |�[0m FAIL: test_multiple_cves (dojo.unittests.tools.test_safety_parser.TestSafetyParser)
2021-03-01T07:37:47.0676973Z �[36muwsgi_1         |�[0m ----------------------------------------------------------------------
2021-03-01T07:37:47.0677883Z �[36muwsgi_1         |�[0m Traceback (most recent call last):
2021-03-01T07:37:47.0679494Z �[36muwsgi_1         |�[0m   File "/app/dojo/unittests/tools/test_safety_parser.py", line 34, in test_multiple_cves
2021-03-01T07:37:47.0680703Z �[36muwsgi_1         |�[0m     self.assertEqual("CVE-2019-12385", findings[0].cve)
2021-03-01T07:37:47.0681668Z �[36muwsgi_1         |�[0m AssertionError: 'CVE-2019-12385' != None
2021-03-01T07:37:47.0682366Z �[36muwsgi_1         |�[0m 
2021-03-01T07:37:47.0683175Z �[36muwsgi_1         |�[0m ----------------------------------------------------------------------
2021-03-01T07:37:47.0683983Z �[36muwsgi_1         |�[0m Ran 1007 tests in 387.963s

[StefanFl]

@madchap, @valentijnscholten, @damiencarol The integration test cases for finding for finding images and file uploads are running now. There is still a thing about http://localhost:8080/static/dojo/img/zoom-in.cur which I don't understand where it comes from. But this will go when the finding images will be removed later this year.

From my point of view this PR is ready to be merged. Maybe we want to wait until the failing unit test case is fixed and I have rebased the branch.