appfolio / gemsurance

Gem vulnerability checker using rubysec/ruby-advisory-db
MIT License
213 stars 24 forks

Add config file to specify manually patched gems #21

Closed firemind closed 7 years ago

firemind commented 9 years ago

This adds the ability to specify gems that were patched manually because upgrading wasn't possible.

Take the latest ActiveSupport vulnerability, CVE-2015-3226, for example. Since Rails 3.2 is officially no longer supported, we had to patch this manually. To ensure the gemsurance test is happy, we implemented the feature that was already requested in #11.

Here is what the config file (.gemsurance.yml by default) can look like:

```yaml
manually_patched_versions:
  activesupport:
    2015-3226:
      - 3.2.22
```

jonkessler commented 9 years ago

Thanks. This needs some tests.

jonkessler commented 7 years ago

Superseded by #26
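
One way a checker could apply a suppression list in the format proposed in the first comment, as an added Ruby example (not code from this pull request or from gemsurance). The helper name `triage_advisories` and the `CVE-0000-0000` placeholder id are hypothetical; an advisory is suppressed only when gem name, CVE id and the exact installed version all match.

```ruby
require 'yaml'
require 'rubygems' # for Gem::Version

# Constructed sample in the format shown in the PR description.
SAMPLE_CONFIG = <<~YAML
  manually_patched_versions:
    activesupport:
      2015-3226:
        - 3.2.22
YAML

# Hypothetical helper, not gemsurance's API. Splits the advisories reported
# for one installed gem into those still open and those suppressed by config.
# Because the installed version must match exactly, upgrading or downgrading
# the gem re-opens the advisory until the new version is listed as patched.
def triage_advisories(config_yaml, gem_name, installed_version, cve_ids)
  config  = YAML.safe_load(config_yaml) || {}
  by_cve  = (config['manually_patched_versions'] || {})[gem_name] || {}
  current = Gem::Version.new(installed_version)

  suppressed, still_open = cve_ids.partition do |cve|
    key = cve.sub(/\ACVE-/i, '') # the sample config keys omit the "CVE-" prefix
    # to_s: an unquoted two-part version such as 3.2 is loaded as a Float
    Array(by_cve[key]).any? { |v| Gem::Version.new(v.to_s) == current }
  end
  { open: still_open, suppressed: suppressed }
end

if __FILE__ == $PROGRAM_NAME
  # CVE-0000-0000 is a placeholder id, not a real advisory.
  reported = ['CVE-2015-3226', 'CVE-0000-0000']
  p triage_advisories(SAMPLE_CONFIG, 'activesupport', '3.2.22', reported)
  p triage_advisories(SAMPLE_CONFIG, 'activesupport', '3.2.21', reported)
end
```

Returning the suppressed ids alongside the open ones lets a report list what was waived instead of silently dropping it.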