CI: Enable full semgrep scan on develop (#2760)

This enables full semgrep scans on develop while retaining
incremental scans on PR branches. This should help with the
baseline stats + showing fixed commits.
Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

.circleci/config.yml

@@ -506,8 +506,7 @@ jobs:
           type: string
           default: develop
     environment:
-      # Scan changed files in PRs, block on new issues only (existing issues ignored)
-      SEMGREP_BASELINE_REF: << parameters.diff_branch >>
+      TEMPORARY_BASELINE_REF: << parameters.diff_branch >>
       SEMGREP_REPO_URL: << pipeline.project.git_url >>
       SEMGREP_BRANCH: << pipeline.git.branch >>
       SEMGREP_COMMIT: << pipeline.git.revision >>
@@ -520,6 +519,16 @@ jobs:
     resource_class: xlarge
     steps:
       - checkout
+      - unless:
+          condition:
+            equal: [ "develop", << pipeline.git.branch >>]
+          steps:
+            - run:
+                # Scan changed files in PRs, block on new issues only (existing issues ignored)
+                # Do a full scan when scanning develop, otherwise do an incremental scan.
+                name: "Conditionally set BASELINE env var"
+                command: |
+                    echo 'export SEMGREP_BASELINE_REF=${TEMPORARY_BASELINE_REF}' >> $BASH_ENV
       - run:
           name: "Set environment variables" # for PR comments and in-app hyperlinks to findings
           command: |