Add the value none as the possible values for the fail-on-severity parameter

[tgrall]

Add the value none as the possible values for the fail-on-severity parameter

Problem

• It would be useful to provide a parameter to the action that will only list all the anomalies and do not fail
• The idea is to match one of the none value that can be used in the "Code Scanning" options
  • Code Scanning alerts are still raised, but the PR is not failing/blocked
  • see Defining the severities causing pull request check failure

Solution

• Add the value none as the possible values for the fail-on-severity parameter
• when set to none the action will:
  • not block the PR (raise an alert) in one or more vulnerabilities, or invalid licences are found
  • a warning will be publish
  • all alerts will be printed in the summary (vulnerabilities & licences)
• Default behaviour is not changed and the value is set to low

[felickz]

This would be a great enhancement as today you need to set the fail scenario to see any CVE data in the action. This can be important information to have at hand even if you are not wanting to fail the workflow.

Further example: we might want to warn on dev dependency scoped fail-on-scopes but fail on runtime.