Allow for having default end date for the suppression status of CVE's

[Sebastiaan127001]

Is your feature request related to a problem? Please describe.
When using Trivy SARIF files as source, Quality-time reports CVE's in images. In the entities tab, we can see the individual CVEs. After assessing if an CVE is applicable in our situation, we can set it to 'false positive'. But the nature of CVEs is that they can later be applicable if the situation or context changes. Therefore, we want to reassess each CVE after a set amount of time.
(for project F, because we replace the triangle tool)

Describe the solution you'd like
That for certain issues, Quality-time allows snoozing the warning for a limited amount of time, not forever.

Describe alternatives you've considered
You can set a date manually for each CVE, but that is not foolproof.

[fniessink]

Tasks:

• Add desired response times for won't fix, false positive, and will be fixed in the report header ("Desired reaction times" tab).
• Allow the desired response times to be"none"
• (note, the current widgets are integer only and can't be left empty, so this need to be changed).
• When the response time for an entity status is not none, and the user applies the status, also set the status end date.
• Show in the entity status dropdown whether an end date will be applied (like we do in the technical debt dropdown).

Out of scope:

• Technical debt menu.
• Making the desired response times for red, yellow, white, and grey metrics optional