ci: add SonarCloud scan job (#25421)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

Add a SonarCloud scan job

## **Pre-merge author checklist**

- [x] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

.github/workflows/sonar.yml

@@ -1,18 +1,11 @@
 name: Sonar
 on:
-  workflow_call:
-    secrets:
-      SONAR_TOKEN:
-        required: true
-#  pull_request:
-#    branches:
-#      - develop
-#    types:
-#      - opened
-#      - reopened
-#      - synchronize
-#      - labeled
-#      - unlabeled
+  push:
+    branches:
+      - develop
+  pull_request:
+    branches:
+      - develop
 
 jobs:
   sonarcloud:
@@ -25,8 +18,5 @@ jobs:
       - name: SonarCloud Scan
         # This is SonarSource/sonarcloud-github-action@v2.0.0
         uses: SonarSource/sonarcloud-github-action@4b4d7634dab97dcee0b75763a54a6dc92a9e6bc1
-        with:
-          args: >
-            -Dsonar.javascript.lcov.reportPaths=tests/coverage/lcov.info
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

sonar-project.properties

@@ -1,18 +1,14 @@
-sonar.projectKey=metamask-extension
-sonar.organization=consensys
+sonar.projectKey=metamask-extension-private
+sonar.organization=metamask
 
-# This is the name and version displayed in the SonarCloud UI.
-sonar.projectName=MetaMask Extension
-#sonar.projectVersion=1.0
+# Source
+sonar.sources=app,development,offscreen,shared,types,ui
+sonar.exclusions=**/*.test.**,**/*.spec.**,app/images
 
-# Root for sonar analysis.
-sonar.sources=app/
+# Tests
+sonar.tests=app,test,development,offscreen,shared,types,ui
+sonar.test.inclusions=**/*.test.**,**/*.spec.**
+sonar.javascript.lcov.reportPaths=tests/coverage/lcov.info
 
-# Excluded project files from analysis.
-#sonar.exclusions=
-
-# Inclusions for test files.
-sonar.test.inclusions=**.test.**
-
-# Encoding of the source code. Default is default system encoding
-sonar.sourceEncoding=UTF-8
+# Fail CI job if quality gate failures
+sonar.qualitygate.wait=false