Shopify / kubeaudit

kubeaudit helps you audit your Kubernetes clusters against common security controls
MIT License

adds support for sarif output #453

Closed dani-santos-code closed 2 years ago

dani-santos-code commented 2 years ago

Closes #436

Left some comments/questions for reviewers as part of self-review

`go run cmd/main.go -f internal/sarif/fixtures/apparmor-invalid.yaml all --format="sarif" > kubeaudit.sarif` will yield a new SARIF report (`kubeaudit.sarif`):

{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "informationUri": "https://github.com/Shopify/kubeaudit",
          "name": "kubeaudit",
          "rules": [
            {
              "id": "AppArmorInvalidAnnotation",
              "name": "apparmor",
              "shortDescription": {
                "text": "AppArmorInvalidAnnotation"
              },
              "help": {
                "text": "**Type**: kubernetes\n**Auditor Docs**: To find out more about the issue and how to fix it, follow [this link](https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/apparmor.md)\n**Description:** Finds containers that do not have AppArmor enabled\n\n *Note*: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit "
              },
              "properties": {
                "tags": [
                  "security",
                  "kubernetes",
                  "infrastructure"
                ]
              }
            },
            {
              "id": "AutomountServiceAccountTokenTrueAndDefaultSA",
              "name": "asat",
              "shortDescription": {
                "text": "AutomountServiceAccountTokenTrueAndDefaultSA"
              },
              "help": {
                "text": "**Type**: kubernetes\n**Auditor Docs**: To find out more about the issue and how to fix it, follow [this link](https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/asat.md)\n**Description:** Finds containers where the deprecated SA field is used or with a mounted default SA\n\n *Note*: These audit results are generated with `kubeaudit`, a command line tool and a Go package that checks for potential security concerns in kubernetes manifest specs. You can read more about it at https://github.com/Shopify/kubeaudit "
              },
              "properties": {
                "tags": [
                  "security",
                  "kubernetes",
                  "infrastructure"
                ]
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "AppArmorInvalidAnnotation",
          "ruleIndex": 0,
          "level": "error",
          "message": {
            "text": "Details: AppArmor annotation key refers to a container that doesn't exist. Remove the annotation 'container.apparmor.security.beta.kubernetes.io/container: badval'.\n Auditor: apparmor\nDescription: Finds containers that do not have AppArmor enabled\nAuditor docs: https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/apparmor.md "
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "internal/sarif/fixtures/apparmor-invalid.yaml",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 1
                }
              }
            }
          ]
        },
        {
          "ruleId": "AutomountServiceAccountTokenTrueAndDefaultSA",
          "ruleIndex": 1,
          "level": "error",
          "message": {
            "text": "Details: Default service account with token mounted. automountServiceAccountToken should be set to 'false' on either the ServiceAccount or on the PodSpec or a non-default service account should be used.\n Auditor: asat\nDescription: Finds containers where the deprecated SA field is used or with a mounted default SA\nAuditor docs: https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/asat.md "
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "internal/sarif/fixtures/apparmor-invalid.yaml",
                  "uriBaseId": "ROOTPATH"
                },
                "region": {
                  "startLine": 1
                }
              }
            }
          ]
        }
      ]
    }
  ]
}

Examples of the SARIF output being used with GitHub Code Scanning (SARIF uploaded with a GitHub Action that _thepwagner set up in a private repo):

[Two screenshots, dated 2022-07-22, of the kubeaudit findings shown as Code Scanning alerts]
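The report above has the shape Code Scanning consumes: one `tool.driver.rules` entry per distinct rule, each result pointing back at its rule through `ruleIndex`, a SARIF `level`, and a `physicalLocation` with a 1-based `region.startLine` relative to `uriBaseId`. The following is an added example, not kubeaudit's own SARIF code and not code from this PR: a standard-library-only Go sketch that builds such a report from kubeaudit-style findings and checks the cross-references before upload. `AuditResult`, `SampleFindings`, `BuildReport`, `Validate` and the severity-to-level mapping are assumptions made here for illustration; the sample findings are constructed to mirror the two in the PR description.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// AuditResult is a constructed, simplified stand-in for one kubeaudit finding
// (just the fields a SARIF result needs), not kubeaudit's own result type.
type AuditResult struct {
	Auditor, RuleID, Description, Severity, Message, File string
	Line                                                   int // 1-based; 0 if unknown
}

// Minimal SARIF 2.1.0 model: only the fields this report emits.
type Report struct {
	Version string `json:"version"`
	Schema  string `json:"$schema"`
	Runs    []Run  `json:"runs"`
}
type Run struct {
	Tool    Tool     `json:"tool"`
	Results []Result `json:"results"`
}
type Tool struct{ Driver Driver `json:"driver"` }
type Driver struct {
	InformationURI string `json:"informationUri"`
	Name           string `json:"name"`
	Rules          []Rule `json:"rules"`
}
type Text struct{ Text string `json:"text"` }
type Rule struct {
	ID               string              `json:"id"`
	Name             string              `json:"name"`
	ShortDescription Text                `json:"shortDescription"`
	Help             Text                `json:"help"`
	Properties       map[string][]string `json:"properties"`
}
type Result struct {
	RuleID    string     `json:"ruleId"`
	RuleIndex int        `json:"ruleIndex"`
	Level     string     `json:"level"`
	Message   Text       `json:"message"`
	Locations []Location `json:"locations"`
}
type Location struct{ PhysicalLocation PhysicalLocation `json:"physicalLocation"` }
type PhysicalLocation struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	Region           Region           `json:"region"`
}
type ArtifactLocation struct {
	URI       string `json:"uri"`
	URIBaseID string `json:"uriBaseId"`
}
type Region struct{ StartLine int `json:"startLine"` }

const docsBase = "https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/"

// sarifLevel maps example severities onto the four SARIF levels (assumed mapping;
// SARIF only allows none, note, warning and error).
func sarifLevel(sev string) string {
	switch sev {
	case "error", "warning", "note":
		return sev
	case "warn":
		return "warning"
	case "info":
		return "note"
	}
	return "warning" // unknown severities still surface rather than being dropped
}

// BuildReport converts findings into a single SARIF run. Each distinct RuleID is
// emitted once in tool.driver.rules, in first-seen order, and every result's
// ruleIndex is its rule's position there; Code Scanning groups alerts by that rule.
func BuildReport(findings []AuditResult) Report {
	index := map[string]int{}
	drv := Driver{InformationURI: "https://github.com/Shopify/kubeaudit", Name: "kubeaudit", Rules: []Rule{}}
	results := []Result{} // an empty slice serialises as [], not null
	for _, f := range findings {
		i, seen := index[f.RuleID]
		if !seen {
			i = len(drv.Rules)
			index[f.RuleID] = i
			drv.Rules = append(drv.Rules, Rule{
				ID: f.RuleID, Name: f.Auditor, ShortDescription: Text{f.RuleID},
				Help:       Text{fmt.Sprintf("**Auditor Docs**: %s%s.md\n**Description:** %s", docsBase, f.Auditor, f.Description)},
				Properties: map[string][]string{"tags": {"security", "kubernetes", "infrastructure"}},
			})
		}
		line := f.Line
		if line < 1 {
			line = 1 // SARIF requires startLine >= 1; a whole-manifest finding points at line 1
		}
		results = append(results, Result{
			RuleID: f.RuleID, RuleIndex: i, Level: sarifLevel(f.Severity),
			Message: Text{fmt.Sprintf("Details: %s\nAuditor: %s\nDescription: %s", f.Message, f.Auditor, f.Description)},
			Locations: []Location{{PhysicalLocation: PhysicalLocation{
				ArtifactLocation: ArtifactLocation{URI: f.File, URIBaseID: "ROOTPATH"},
				Region:           Region{StartLine: line},
			}}},
		})
	}
	return Report{Version: "2.1.0", Schema: "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
		Runs: []Run{{Tool: Tool{drv}, Results: results}}}
}

// Validate checks the cross-references a consumer relies on: each result's ruleIndex
// resolves to the rule named by ruleId, the level is legal, and regions are 1-based.
// Getting these wrong is the usual reason an upload fails or an alert lands under the wrong rule.
func Validate(r Report) error {
	levels := map[string]bool{"none": true, "note": true, "warning": true, "error": true}
	for _, run := range r.Runs {
		rules := run.Tool.Driver.Rules
		for n, res := range run.Results {
			if res.RuleIndex < 0 || res.RuleIndex >= len(rules) || rules[res.RuleIndex].ID != res.RuleID {
				return fmt.Errorf("result %d: ruleIndex %d does not resolve to rule %q", n, res.RuleIndex, res.RuleID)
			}
			if !levels[res.Level] {
				return fmt.Errorf("result %d: invalid level %q", n, res.Level)
			}
			for _, loc := range res.Locations {
				if loc.PhysicalLocation.Region.StartLine < 1 {
					return fmt.Errorf("result %d: startLine must be >= 1", n)
				}
			}
		}
	}
	return nil
}

// SampleFindings is constructed input modelled on the two findings in the PR
// description, plus a second AppArmor hit so the rule de-duplication is visible.
func SampleFindings() []AuditResult {
	return []AuditResult{
		{Auditor: "apparmor", RuleID: "AppArmorInvalidAnnotation", Severity: "error",
			Description: "Finds containers that do not have AppArmor enabled",
			Message:     "AppArmor annotation key refers to a container that doesn't exist.",
			File:        "internal/sarif/fixtures/apparmor-invalid.yaml", Line: 1},
		{Auditor: "asat", RuleID: "AutomountServiceAccountTokenTrueAndDefaultSA", Severity: "error",
			Description: "Finds containers where the deprecated SA field is used or with a mounted default SA",
			Message:     "Default service account with token mounted.",
			File:        "internal/sarif/fixtures/apparmor-invalid.yaml", Line: 1},
		{Auditor: "apparmor", RuleID: "AppArmorInvalidAnnotation", Severity: "warn",
			Description: "Finds containers that do not have AppArmor enabled",
			Message:     "AppArmor annotation missing.", File: "deploy/web.yaml"}, // Line 0: unknown
	}
}

func main() {
	r := BuildReport(SampleFindings())
	if err := Validate(r); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	enc := json.NewEncoder(os.Stdout)
	enc.SetIndent("", "  ")
	_ = enc.Encode(r)
}
```

Running it prints a report with two rules and three results; the third result reuses `ruleIndex` 0 and gets `startLine` 1 because the finding had no line. The `Validate` pass is the check worth keeping in a CI step before the upload action runs, since a report with a dangling `ruleIndex` is syntactically valid JSON and passes a schema check.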
dani-santos-code commented 2 years ago

Do we still need https://github.com/Shopify/kubeaudit/blob/ds/adds-support-for-sarif-output/internal/sarif/rules.go#L37?

Not really. Removed it here