Run clang's scan-build in Tor's CI

There can be a few days between merging and a coverity build.

So we could also use clang's scan-build in CI, to get immediate feedback.

Code that passes scan-build should have less coverity defects.

changed milestone to %Tor: unspecified in legacy/trac

Trac:
Child Ticket(s): legacy/trac#18897 (moved), legacy/trac#21497 (moved), legacy/trac#21494 (moved)

added clang in Legacy / Trac component::core tor/tor in Legacy / Trac correctness in Legacy / Trac coverity in Legacy / Trac milestone::Tor: unspecified in Legacy / Trac points::2 in Legacy / Trac priority::medium in Legacy / Trac scan-build in Legacy / Trac severity::normal in Legacy / Trac status::new in Legacy / Trac tor-ci in Legacy / Trac type::defect in Legacy / Trac labels

Trac:
Keywords: N/A deleted, scan-build, clang added

No more sponsor 31. All this tickets remained open after sponsor 31 ended.

Trac:
Sponsor: Sponsor31-can to N/A

changed time estimate to 16h

moved from legacy/trac#30225 (moved)

added Bug label and removed 1 deleted label

added CI Coverity labels and removed 1 deleted label

closing as not-ripe: we can barely run this tool on our desktops.

removed Bug label

closed

added BugSmashFund label