Ability to ignore vulns

[DarthHater]

This is largely a transposition of what we do in auditjs, but I doubt it's right, so opening a PR for feedback!

This pull request makes the following changes:

• Adds a filter_vulnerabilities to lib.rs, I didn't think this fully merited a huge implementation quite yet
• Uses the json structure from auditjs which is:

{
  "ignore": [
    { 
      "id": "e3f310ed-219c-4087-aa58-8425b13c3ec5", 
      "reason": "postcss @ 7.x all have this vulnerability, and many dependencies require v7.x, so ignoring for now." 
    }
  ]
}

• Adds an ignore_file param for pants

It relates to the following issue #s:

• Fixes Support a .pants-ignore file (similar to how Nancy does it). #46

[amy-keibler]

It would probably be a good idea to do something like this serde example which uses from_reader with a BufReader to stream the data from disk directly to the parser. It will be slightly more performant

[DarthHater]

In: 546bb80

[amy-keibler]

Uses the json structure from auditjs

Much of the rust ecosystem uses TOML rather than JSON. Are we expecting to have cross-over with auditjs for ignore files? I think we should see if we can support both JSON and TOML if serde will give it to us for free

[DarthHater]

@amy-keibler not so much crossover, but just like, keeping it common amongst the tools. It's different in Nancy, however, so who knows 🤷

[amy-keibler]

Do they only filter by the UUID or is there a more user-facing way to build up the filter file? (I'm not super familiar with the way we specify vulnerabilities yet, so I added a dbg!() to get the UUID of the one for time in our current project

[DarthHater]

@amy-keibler in nancy we allowed filtering by title, but auditjs we only do uuid (which I suspect is reasonable, as long as we output it, whichhhh I should do in this too).