
clangsa-sast: add mapping fields for report conversion

Problem to solve

GLAS reports carry both CWE and OWASP identifiers, as determined by the rule configuration. The clangsa mappings file lets a checker be mapped to CWE identifiers, but has no corresponding mapping to OWASP identifiers.

The report's "description" and "message" text should also be overridable.

Related

&17682 (comment 2640829680)

Proposal

  • add keys to the mapping structure
    • owasp identifiers - with entries analogous to the CWE entries
    • attack-type - a string
    • short-description - a string
    • full-description - a string
  • update the schema
  • update convert.go
    • add OWASP identifiers to the report's Vulnerability.Identifiers
    • if short-description is set, assign it to Vulnerability.Message in place of cwe.Name
    • if full-description is set, assign it to Vulnerability.Description
    • add attack-type (where does this go in the report? Vulnerability.Description?)
    • TBD
  • add unit tests
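The following is an added sketch of the conversion logic described in the proposal, not the analyzer's own convert.go. It assumes a JSON mapping file keyed by checker name (the real file format and key names other than those listed above are assumptions), an assumed identifier type string for the checker itself, and, since the proposal leaves the placement of attack-type open, appends it to the description; the sample mapping and finding are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Identifier mirrors one entry of a GitLab SAST report's identifiers array.
type Identifier struct {
	Type  string `json:"type"`
	Name  string `json:"name"`
	Value string `json:"value"`
	URL   string `json:"url,omitempty"`
}

// Vulnerability holds only the report fields the proposal touches.
type Vulnerability struct {
	Identifiers []Identifier `json:"identifiers"`
	Message     string       `json:"message"`
	Description string       `json:"description"`
}

// IDEntry is one CWE or OWASP entry; the OWASP entries are analogous to the CWE ones (assumed layout).
type IDEntry struct {
	ID   string `json:"id"`
	Name string `json:"name"`
	URL  string `json:"url"`
}

// CheckerMapping is the per-checker mapping with the keys the proposal adds.
type CheckerMapping struct {
	CWE              []IDEntry `json:"cwe"`
	OWASP            []IDEntry `json:"owasp"`
	AttackType       string    `json:"attack-type"`
	ShortDescription string    `json:"short-description"`
	FullDescription  string    `json:"full-description"`
}

// Mappings is keyed by clangsa checker name (assumed).
type Mappings map[string]CheckerMapping

// sampleMappings is a constructed mapping file: one checker with every new key set,
// one with a CWE entry only.
const sampleMappings = `{
  "alpha.security.taint.TaintPropagation": {
    "cwe": [{"id": "20", "name": "Improper Input Validation", "url": "https://cwe.mitre.org/data/definitions/20.html"}],
    "owasp": [{"id": "A03:2021", "name": "A03:2021 - Injection", "url": "https://owasp.org/Top10/A03_2021-Injection/"}],
    "attack-type": "Injection",
    "short-description": "Tainted data reaches a sensitive sink",
    "full-description": "Data from an untrusted source flows into a sink without validation."
  },
  "core.NullDereference": {
    "cwe": [{"id": "476", "name": "NULL Pointer Dereference", "url": "https://cwe.mitre.org/data/definitions/476.html"}]
  }
}`

// LoadMappings parses the mapping file and rejects entries with an empty id,
// the check the updated schema would enforce.
func LoadMappings(data []byte) (Mappings, error) {
	var m Mappings
	if err := json.Unmarshal(data, &m); err != nil {
		return nil, err
	}
	for checker, cm := range m {
		for _, e := range append(append([]IDEntry{}, cm.CWE...), cm.OWASP...) {
			if e.ID == "" {
				return nil, fmt.Errorf("mapping for %q has an identifier without an id", checker)
			}
		}
	}
	return m, nil
}

// Convert builds the vulnerability fields for one finding. The checker's own message
// is the default; a CWE name replaces it, and short-description overrides both.
func Convert(checker, rawMessage string, m Mappings) Vulnerability {
	v := Vulnerability{
		// "clangsa_checker_id" is an assumed identifier type for the checker itself.
		Identifiers: []Identifier{{Type: "clangsa_checker_id", Name: checker, Value: checker}},
		Message:     rawMessage,
		Description: rawMessage,
	}
	cm, ok := m[checker]
	if !ok {
		return v
	}
	for _, c := range cm.CWE {
		v.Identifiers = append(v.Identifiers, Identifier{Type: "cwe", Name: "CWE-" + c.ID, Value: c.ID, URL: c.URL})
	}
	if len(cm.CWE) > 0 && cm.CWE[0].Name != "" {
		v.Message = cm.CWE[0].Name // current behaviour: cwe.Name becomes the message
	}
	for _, o := range cm.OWASP {
		v.Identifiers = append(v.Identifiers, Identifier{Type: "owasp", Name: o.Name, Value: o.ID, URL: o.URL})
	}
	if cm.ShortDescription != "" {
		v.Message = cm.ShortDescription
	}
	if cm.FullDescription != "" {
		v.Description = cm.FullDescription
	}
	if cm.AttackType != "" {
		// Placement is an open question in the proposal; appended to the description here.
		v.Description = strings.TrimSpace(v.Description + "\n\nAttack type: " + cm.AttackType)
	}
	return v
}

func main() {
	m, err := LoadMappings([]byte(sampleMappings))
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(Convert("alpha.security.taint.TaintPropagation", "Untrusted data reaches system()", m), "", "  ")
	fmt.Println(string(out))
}
```

A checker absent from the mapping file keeps only its own identifier and raw message, so adding the new keys changes nothing for checkers that are not configured.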
Edited by Jason Leasure