This goes to (atm) its own "analysis" stage, and builds the package
with the coverity tool, so the results are uploaded to the coverity
site for analysis. This only happens for the master branch as there
is a limit on weekly builds, so can't be free for every change.

The script relies on the COVERITY_TOKEN envvar being set, which should
be done through project settings so it stays private.

One peculiarity with this test is that we explicitly avoid the
-Dtracker_core=subproject option, as we don't want tracker core code
to be compiled with the coverity tool (already does this on its own).