finos / openfin-react-hooks

A collection of React Hooks built on top of the Openfin API - from Scott Logic
Apache License 2.0
48 stars 19 forks

Enable WhiteSource integration #31

Closed maoo closed 4 years ago

maoo commented 4 years ago

As part of FINOS infrastructure, we are enabling WhiteSource security scanning across all our hosted projects; this PR contains the bot configuration.

After this PR gets merged, I will personally enable the WhiteSource GitHub app and the scanning will begin: every build descriptor (i.e. pom.xml, package.json, etc.) will be executed and all direct/transitive dependencies will be scanned for security vulnerabilities.

If any vulnerability is found, by default a new GitHub issue will be created, with all details needed by the team to investigate further; there may be false positives (i.e. vulnerabilities spotted on non-runtime dependencies), which must be tackled by updating the WhiteSource bot configuration.

Please note that the public scope of these issues may pose a security threat for production environments; if that is the case, I can help you configure WhiteSource to send email notifications instead of using public GitHub Issues.

More info on WhiteSource security scanning can be found at https://finosfoundation.atlassian.net/wiki/spaces/FDX/pages/1129283585/WhiteSource+for+GitHub.com; to know more about FINOS policies on how to manage a responsible disclosure of security issues, please read https://finosfoundation.atlassian.net/wiki/spaces/FINOS/pages/1230176257/Security+Vulnerabilities+Responsible+Disclosure+Policy

Thank you!

ColinEberhardt commented 4 years ago

Merged - now let's wait for the tsunami! 🌊

maoo commented 4 years ago

WhiteSource app enabled; it appears that the .whitesource file must be updated AFTER the GitHub App is enabled; I sent a PR that includes a styling change to the file.