Add an option to skip the first layer when scanning Docker images
Is your feature request related to a problem? Please describe.
Scanning a Docker image can take a long time because it scans files from all layers, including the first one, which is often the OS image. To mitigate this, ggshield uses a list of directories to skip, but this is not always accurate, especially when scanning Windows-based images.
Describe the solution you'd like
Assuming the first layer is an OS image provided by an OS vendor, scanning only the files added on top of this first layer would greatly increase scanning speed, without missing secrets.
Add a `--skip-first-layer` option to `secret scan docker`. This option would be off by default to be safe and avoid changing the existing behavior.
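To make the proposed behaviour concrete, here is an added example (not ggshield code, and not from the issue author) that walks the layers of a `docker save` archive in manifest order and, when asked, never opens the first one. The image it operates on is constructed in memory, with a placeholder "OS" base layer and an application layer carrying a placeholder token; the `docker save` layout assumed is `manifest.json` listing layer tarballs lowest-first.

```python
"""Walk the layers of a `docker save` archive, optionally skipping the first.

Added example, not ggshield code. Models the layer walk the feature request
describes: with skip_first_layer=True the base layer is not opened at all,
so none of its files are read or scanned. The sample image is constructed.
"""
import io
import json
import tarfile
from typing import Dict, Iterator, List, Tuple


def _tar_bytes(files: Dict[str, bytes]) -> bytes:
    """Build an in-memory, uncompressed tar archive from {path: content}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image() -> bytes:
    """Constructed two-layer image in `docker save` layout.

    Layer 0 stands in for the vendor OS image, layer 1 for the application.
    The token value is a placeholder, not a real credential.
    """
    base_layer = _tar_bytes({
        "etc/os-release": b"NAME=ExampleOS\n",
        "usr/lib/libc.so": b"binary-placeholder",
    })
    app_layer = _tar_bytes({
        "app/config.env": b"API_TOKEN=placeholder-token-value\n",
        "app/main.py": b"print('hello')\n",
    })
    manifest = [{
        "Config": "config.json",
        "RepoTags": ["example/app:latest"],
        "Layers": ["layer0/layer.tar", "layer1/layer.tar"],  # lowest first
    }]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": b"{}",
        "layer0/layer.tar": base_layer,
        "layer1/layer.tar": app_layer,
    })


def iter_layer_files(image_tar: bytes,
                     skip_first_layer: bool = False) -> Iterator[Tuple[int, str, bytes]]:
    """Yield (layer_index, path, content) for each regular file in the image.

    Layers are visited in manifest order. When skip_first_layer is set, layer 0
    is skipped before its tarball is even decompressed, which is where the
    speed-up comes from: the OS image's files are never touched.
    """
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        layers: List[str] = manifest[0]["Layers"]
        start = 1 if skip_first_layer else 0
        for index in range(start, len(layers)):
            layer_bytes = image.extractfile(layers[index]).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r") as layer:
                for member in layer.getmembers():
                    if member.isfile():
                        yield index, member.name, layer.extractfile(member).read()


def scanned_paths(image_tar: bytes, skip_first_layer: bool = False) -> List[str]:
    """Paths a secret scanner would read, in visit order."""
    return [path for _, path, _ in iter_layer_files(image_tar, skip_first_layer)]


if __name__ == "__main__":
    image = build_sample_image()
    print("all layers:", scanned_paths(image))
    print("skip first:", scanned_paths(image, skip_first_layer=True))
```

Two caveats a practitioner would check before enabling such a flag: nothing in the archive proves that layer 0 really is a vendor base image (a `FROM scratch` build puts application files there), and on a single-layer image the flag skips everything, so a scanner should at least warn when it ends up with no layers to scan.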