As well as performing ad-hoc evaluations on the command-line with
`dmd policy evaluate`, we should also make it possible to store the
state in the DB.

This introduces a new command-line call, `dmd db generate
policy-violations`, which allows us to process each policy file in the
specified directory.

This introduces the new `policy_violations` table, instead of reusing
`advisories`, as the `policy_violations` can have more detail than
`advisories`. This was chosen to avoid trying to make `advisories` too
complicated with lookups, and instead focus on a separate
fit-for-purpose model.

As this introduces a table, we need to provide the plumbing for a new
`Repository`. We'll implement the anonymisation functionality in #283,
as it needs some thinking before implementation.

Closes #268.