Incomplete fixes: YML entry and tagger

[andymeneely]

We've noticed that lots of vulnerabilities have incomplete fixes in their history. We should add an entry to the CVE yml skeleton (and push out to all of our YMLs across projects).

• [ ] Write incomplete_fix_description
• [ ] Add incomplete_fix array with "commit/note commit/note" format as above
• [ ] Migrate all the YMLs to have this
• [ ] Add an event generator for this
• [ ] Add a tagger for Incomplete fixes
• [ ] Write an article about Incomplete fixes.

[MattThyng]

I have written a pretty nifty tool to migrate CVEs. It is currently still on the dev branch of the struts repo.