sonatype-nexus-community / cargo-pants

Apache License 2.0

Ability to ignore vulns #57

Closed DarthHater closed 3 years ago

DarthHater commented 3 years ago

This is largely a transposition of what we do in auditjs, but I doubt it's right, so opening a PR for feedback!

This pull request makes the following changes:

It relates to the following issue #s:

amy-keibler commented 3 years ago

Uses the json structure from auditjs

Much of the Rust ecosystem uses TOML rather than JSON. Are we expecting to have cross-over with auditjs for ignore files? I think we should see if we can support both JSON and TOML if serde will give it to us for free.

DarthHater commented 3 years ago

@amy-keibler not so much crossover, but just like, keeping it common amongst the tools. It's different in Nancy, however, so who knows :shrug:

amy-keibler commented 3 years ago

Do they only filter by the UUID or is there a more user-facing way to build up the filter file? (I'm not super familiar with the way we specify vulnerabilities yet, so I added a dbg!() to get the UUID of the one for time in our current project.)

DarthHater commented 3 years ago

@amy-keibler in nancy we allowed filtering by title, but auditjs we only do uuid (which I suspect is reasonable, as long as we output it, whichhhh I should do in this too).
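An added example (not cargo-pants' own code) of the filtering step the thread discusses: ignore rules keyed by UUID as in auditjs, plus a title rule as the thread says Nancy allows, and an explicit list of rules that matched nothing so a stale ignore entry is visible rather than silently kept. The types, field names and UUIDs are constructed for illustration; parsing the ignore file itself (JSON or TOML via serde) is left out.

```rust
use std::collections::HashSet;

/// A vulnerability as reported by the audit (constructed shape, not cargo-pants' real type).
#[derive(Debug, Clone, PartialEq)]
pub struct Vulnerability {
    pub id: String, // the UUID an ignore file keys on
    pub title: String,
}

/// One rule from the ignore file. Uuid mirrors auditjs (UUID only);
/// Title mirrors what the thread says Nancy allows. Both are hypothetical here.
#[derive(Debug, Clone, PartialEq)]
pub enum IgnoreRule {
    Uuid(String),
    Title(String),
}

impl IgnoreRule {
    fn matches(&self, v: &Vulnerability) -> bool {
        match self {
            IgnoreRule::Uuid(id) => id.eq_ignore_ascii_case(&v.id),
            IgnoreRule::Title(t) => t == &v.title,
        }
    }
}

/// What is still reported, what was suppressed (kept with its UUID so the
/// user can see exactly what was ignored), and rules that matched nothing.
#[derive(Debug, Default, PartialEq)]
pub struct Outcome {
    pub reported: Vec<Vulnerability>,
    pub ignored: Vec<Vulnerability>,
    pub unused_rules: Vec<IgnoreRule>,
}

pub fn apply_ignores(vulns: &[Vulnerability], rules: &[IgnoreRule]) -> Outcome {
    let mut out = Outcome::default();
    let mut used: HashSet<usize> = HashSet::new(); // indices of rules that matched at least once
    for v in vulns {
        let mut hit = false;
        for (i, r) in rules.iter().enumerate() {
            if r.matches(v) { used.insert(i); hit = true; }
        }
        if hit { out.ignored.push(v.clone()) } else { out.reported.push(v.clone()) }
    }
    out.unused_rules = rules.iter().enumerate()
        .filter(|(i, _)| !used.contains(i)).map(|(_, r)| r.clone()).collect();
    out
}
```

A non-empty `unused_rules` is worth printing as a warning: it usually means the vulnerability was fixed or its UUID changed, and the rule can be dropped.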