feat: Added support for severity in sarif report

[mickem]

Adds severity to sarif reports.

This PR fixes #762

PS. I am not a proficient GO programmer so any and all feedback and ideas for improving this is appreciated.

The new fields are properties and severity in the example below, I added severity as a string to the bundle as that is how I interpret the GitHub docs A string representing a score that indicates the level of severity.
If no severity is available the field is left out.

          "rules": [
            {
              "id": "",
              "name": "",
              "shortDescription": {
                "text": ""
              },
              "fullDescription": {
                "text": "",
                "markdown": ""
              },
              "deprecatedIds": [
                "CVE-2022-24713",
                "RUSTSEC-2022-0013",
                "GHSA-m5pq-gvj9-9vr8"
              ],
              "help": {
                "text": "",
                "markdown": ""
              },
              "properties": {
                "security-severity": "7.5"
              }
            },

This should hopefully be according to GitHub specification here: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#reportingdescriptor-object

[another-rex]

Thanks for the contribution! LGTM, just a minor nit.

[another-rex]

This needs to go below the stdlib imports.

[mickem]

Should be fixed now.

[mickem]

Fixed some tests I had missed and since there were some conflicts with main I rebased and force pushed to keep the PR clean and green.

[mickem]

The golangci-lint I think fails as a side effect of the other jobs failing and GitHub pulls the plug on the run.

The other jobs fail as there is a new CVE since I updated the PR, so if I know when we will run the builds next I can make sure the PR is green before that time. As it seems to check live data there are new CVE:s popping up on and off.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.79%. Comparing base (3bd1565) to head (a74c748).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1587      +/-   ##
==========================================
+ Coverage   68.77%   68.79%   +0.01%     
==========================================
  Files         199      199              
  Lines       18949    18961      +12     
==========================================
+ Hits        13032    13044      +12     
  Misses       5221     5221              
  Partials      696      696              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.