feat: add Security Analyzer functionality

[adrgs]

What is the problem that this fixes or functionality that this introduces? Does it fix any open issues?

This PR introduces the possibility of having a defined security analyzer watch over OpenDevin's actions and watch accordingly. It's integrated by default with confirmation mode, which analyzers can make use of by auto-approving actions deemed safe.

We have also implemented such an analyzer, using invariant

---

Give a summary of what the PR does, explaining any non-trivial design decisions

Backend

• Important actions now have the security_risk field, which is Optional
• The Security Analyzer lives in AgentSession, and can only be created at start-up if the proper flag is set
• Added a /api/security/{path:path} API route, for the analyzers to be able to interact with the user without having to modify the core code for each
• Also added /api/options/security-analyzers endpoint, which lists the agents
• Added documentation in opendevin/security for creating new analyzers
• The Invariant Analyzer runs in a separate Docker container, to not add any dependencies to OpenDevin

Frontend

• Added new combobox / string setting for SECURITY_ANALYZER
• Added a Lock icon in the bottom right that is visible when there's a security analyzer present
• Added frontend/src/components/modals/security, a place where the modules can create their own modals

---

Other references
Video of how the changes look like:
https://www.youtube.com/watch?v=brH7CUGyzmI

[xingyaoww]

Backend LGTM! If frontend also look good to folks, i'd be have to approve it.

[xingyaoww]

Could you add a section here as a quick start to show people how to enable this feature? e.g., on the UI and on the backend?

[adrgs]

sure, added it in the latest commit:

Suggested change

	To enable this feature:
	* From the web interface
	* Open Configuration (by clicking the gear icon in the bottom right)
	* Select a Security Analyzer from the dropdown
	* Save settings
	* (to disable) repeat the same steps, but click the X in the Security Analyzer dropdown
	* From config.toml
	```toml
	[security]
	# Enable confirmation mode
	confirmation_mode = true
	# The security analyzer to use
	security_analyzer = "your-security-analyzer"
	```
	(to disable) remove the lines from config.toml

[xingyaoww]

Awesome!

[xingyaoww]

Hey @adrgs, I'd be happy to merge it if you could resolve the conflict (i help did it in this PR invariantlabs-ai#1)

[adrgs]

Hey @adrgs, I'd be happy to merge it if you could resolve the conflict (i help did it in this PR invariantlabs-ai#1)

thanks for the help @xingyaoww ! should be up to date with main now

[neubig]

Hey @xingyaoww , could you make the final call on this and we can get it merged in? This is exciting!

[xingyaoww]

Let's get this in!

[xingyaoww]

@adrgs sorry for the late response! Could you resolve the one last merge conflict: invariantlabs-ai#2

[adrgs]

@xingyaoww added, thanks!