Enhancement - Status Policy - Decide how to handle non-open alerts that are not "Fixed"

[felickz]

Should we still report on certain status and consider even failing on dismissed items. Add these to the report #10

Currently thinking to have these buckets - could make this a configurable policy on the action

• 🔴 Fail
• 🟡 Warn
• 🟢 OK

States: auto_dismissed, dismissed, fixed, open

Dismissed Reasons: fix_started, inaccurate, no_bandwidth, not_used, tolerable_risk

Proposed default policy:

• 🔴open
• 🔴auto_dismissed (no fix available)
• 🟡auto_dismissed (other reason)
• 🔴dismissed - fix_started
• 🔴dismissed - no_bandwidth
• 🟡dismissed - innacurate
• 🟡dismissed - not_used
• 🟢fixed (would be interesting to see the resolution in a report that you have fixed a vuln that is potentially being exploited)