🎨 Design: Scanner-specific criteria in scan result policies

Problem to be designed for

We have a need to include criteria in scan result policies that may be specific to only certain types of scanners.

Currently the primary need for this is to filter by Container Scanning and Dependency Scanning vulnerabilities for the following conditions:

• whether or not a fix is available (other scanners may have this need in the future as well)
• whether or not a new dependency (new package or version) has been introduced