NuGetAudit must not cause restore to fail

[zivkan]

Bug

Fixes: NuGet/Home#13085

Regression? no

Description

While the vulnerability info resource is designed to fail gracefully (not throw, return a result object with an exception), if restore didn't need to talk to any sources before running audit, then getting the service index, or getting the vulnerability resource from the service index can throw. This needs to be guarded because Audit should never cause a build to fail (unless customers opt into warnings as errors)

PR Checklist

• PR has a meaningful title

• PR has a linked issue.

• Described changes

• Tests

  • Automated tests added
  • OR
  • Test exception
  • OR
  • N/A

• Documentation

  • Documentation PR or issue filled
  • OR
  • N/A

[nkolev92]

Can we fix the SolutionRestoreJob side too?

It should not crash if a single project throws should it?
If you prefer that to be handled in a separate PR, please create an issue.

[zivkan]

• Multi-project restore should be resiliant to one project throwing an unhandled exception Home#13188

It's really not clear to me how to solve the unhandled exceptions. Where and how should the errors be reported to customers in VS? How should the error be shown on the CLI? Should a "fake" assets file be created and written out?

If I was to work on it, it'd take me significantly longer than what this PR has already taken me, so I think it's better off as a different issue/PR.

[donnie-msft]

Solves customer feedback: https://developercommunity.visualstudio.com/t/dotnetexe-80200-cannot-restore-from/10597271