Advisory's database should require further review based on impact-size #20895
ThisIsMissEm asked this question in Code Security
Today we had a GitHub Security Advisory come through for the globby package, warning about glob-parent being insecure. This security advisory ended up breaking installs and audits for a significant number of packages, including lerna, @typescript-eslint/* and many, many more. It turns out that the author of the original advisory had miscalculated the version range, but it was approved for inclusion:
As a change, I would like to suggest that all advisories automatically have a report generated of how many dependencies will become affected by a new advisory, and alert the team to scrutinise the advisory more closely before publishing, such that developers don't suddenly have things breaking across their entire ecosystem.