Add the functionality to ignore CVEs and CVSS thresholds to dependency scanning

Relates to: gitlab-org/omnibus-gitlab!2384 (merged)

Currently, builds are set to not fail because of the false positives. As a result, we're not checking the builds. We need to be able to ignore (whitelist) CVEs to reduce the false positives, so we are alerted to failed builds

Edited Aug 30, 2019 by Larissa Lane