
v1.4.0 Ignore and sort findings, CVSS3 support

@jamestelfer jamestelfer released this 01 Dec 05:15
· 131 commits to main since this release
f89ee8f

Headline changes

  • Findings can be ignored either in local repository configuration or globally using agent configuration.
  • Findings are now sorted by severity, then by CVSS score (if supplied)
  • CVSS3 details from the ECR scan are now supported and preferred. CVSS2 is only rendered when version 3 is not available, and it's clearly marked.
  • Links to cve.mitre.org are translated to the new cve.org site, providing better details and nicer rendering
  • The plugin will no longer try to download findings if the build has failed (as the image will not be available anyway). This avoids misleading error annotations.
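The ordering and rendering rules in the two bullets above (severity first, then CVSS score descending; CVSS3 preferred, CVSS2 shown only as a fallback and labelled) as a small worked example. This is added illustration code, not the plugin's own implementation: the `Finding` type, the `severityRank` table and the function names are assumptions, and the CVE identifiers in the sample are constructed placeholders.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding is a hypothetical, simplified view of one ECR scan finding
// (example code, not the plugin's own types).
type Finding struct {
	Name     string
	Severity string   // ECR label, e.g. CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNDEFINED
	CVSS3    *float64 // nil when the scan supplied no v3 score
	CVSS2    *float64 // nil when the scan supplied no v2 score
}

// severityRank orders severity labels from most to least severe;
// labels not in the table sort after all known ones.
var severityRank = map[string]int{
	"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4, "UNDEFINED": 5,
}

func rankOf(sev string) int {
	if r, ok := severityRank[sev]; ok {
		return r
	}
	return len(severityRank)
}

// ScoreForSort picks the score used for ordering: CVSS3 when present,
// otherwise CVSS2, otherwise -1 so unscored findings sort last within
// their severity band. The second value reports which version was used
// ("3", "2" or "" for none).
func ScoreForSort(f Finding) (float64, string) {
	if f.CVSS3 != nil {
		return *f.CVSS3, "3"
	}
	if f.CVSS2 != nil {
		return *f.CVSS2, "2"
	}
	return -1, ""
}

// SortFindings sorts in place: most severe first, then by score
// descending, then by name so the output is reproducible.
func SortFindings(fs []Finding) {
	sort.SliceStable(fs, func(i, j int) bool {
		ri, rj := rankOf(fs[i].Severity), rankOf(fs[j].Severity)
		if ri != rj {
			return ri < rj
		}
		si, _ := ScoreForSort(fs[i])
		sj, _ := ScoreForSort(fs[j])
		if si != sj {
			return si > sj
		}
		return fs[i].Name < fs[j].Name
	})
}

// RenderScore formats the score for an annotation row. A CVSS2 score is
// only shown when no CVSS3 score exists, and is marked as CVSS2.
func RenderScore(f Finding) string {
	score, ver := ScoreForSort(f)
	switch ver {
	case "3":
		return fmt.Sprintf("%.1f", score)
	case "2":
		return fmt.Sprintf("%.1f (CVSS2)", score)
	default:
		return "n/a"
	}
}

func f64(v float64) *float64 { return &v }

func main() {
	// Constructed sample findings; the CVE ids are placeholders, not real advisories.
	findings := []Finding{
		{Name: "CVE-0000-0001", Severity: "HIGH", CVSS2: f64(7.5)},
		{Name: "CVE-0000-0002", Severity: "CRITICAL", CVSS3: f64(9.8), CVSS2: f64(10.0)},
		{Name: "CVE-0000-0003", Severity: "HIGH", CVSS3: f64(8.1)},
		{Name: "CVE-0000-0004", Severity: "MEDIUM"},
		{Name: "CVE-0000-0005", Severity: "CRITICAL", CVSS3: f64(9.1)},
	}
	SortFindings(findings)
	for _, f := range findings {
		fmt.Printf("%-9s %-14s %s\n", f.Severity, f.Name, RenderScore(f))
	}
}
```

Note that CVE-0000-0002 carries both scores, and its CVSS2 value (10.0) is ignored for both sorting and display because a CVSS3 score is present; only CVE-0000-0001 falls back to CVSS2, and its row is labelled so the reader knows the score is on the older scale.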

What's Changed

  • fix: update Backstage catalog ownership to match Github teams by @backstage-culture-amp in #15
  • [CSRE-2234] upgrade golang dependencies by @ngocpea in #16
  • doc: Adds guidelines on vulnerability thresholds configuration by @therealvio in #17
  • fix: update Backstage catalog ownership to match Github teams by @backstage-culture-amp in #19
  • chore: upgrade Go and golangci-lint by @jamestelfer in #21
  • fix: switch to autogold from testza by @jamestelfer in #22
  • fix: sort results in summary by severity by @jamestelfer in #20
  • fix: only download results when build succeeds by @jamestelfer in #23
  • feat: allow findings to be ignored by @jamestelfer in #25
  • feat: support CVSS3 scores in rendered annotation by @jamestelfer in #26
  • fix: sort descending by CVSS scores first by @jamestelfer in #27
  • fix: allow ignore reason to render as Markdown by @jamestelfer in #28

New Contributors

Full Changelog: v1.3.0...v1.4.0