Support the SARIF output format for Cobra output

[mjeronimo]

In order to integrate with tools that support a software development process envisioned for Space ROS, Cobra should support the SARIF output format for detected issues:

• http://docs.oasis-open.org/sarif/sarif/v2.0/csprd01/sarif-v2.0-csprd01.html
• https://sarifweb.azurewebsites.net/

Jenkins integration is a higher priority (JUnit XML format output), but SARIF is also desirable. It would also be helpful to be able to output both file types for a single scan (so that the tool doesn't have to be run again just to produce a different output format).

[nimble-code]

will look into it

[nimble-code]

For now, the work is aimed at allowing Cobra to both write and read JSON formatted warnings, and develop selected converters into and out from other formats like SARIF, JUnit, etc. (e.g., the JPL Scrub format is another often requested format). We can of course revisit this issue once some experience with JSON converters is obtained, and proves insufficient for any reason.