Improve --output CLI help and README and deprecate --file

[tgerla]

This is basically a copy of syft#2165, but for Grype.

Based on the discussion in anchore/syft#1062, we want to improve the CLI help text for the --output parameter, and deprecate the --file parameter. The --output help text currently looks like:

-o, --output stringArray report output formatter, formats=[json table cyclonedx cyclonedx-json sarif template], deprecated formats=[embedded-cyclonedx-vex-json embedded-cyclonedx-vex-xml]

...and it's not clear from that help text that you can do:

-o json=out.json -o table=table.txt

This means that the --file parameter is kind of redundant and confusing, so we should deprecate that option.

We should also update the Grype README to explain the multiple output functionality, like Syft.

[josephlim75]

Would like to know how can I achieve multiple template output ? For example, I would like to generate the following output for a single command :-

1. I want grype to be able to display on stdout
2. I want grype to be able to generate xml (junit) and html report at the same time while also display on stdout

grype <image> --only-fixed --fail-on high -o template=/report.html -t=/usr/local/share/grype/templates/grype-html.tpl -o template=/report.xml -t=/usr/local/share/grype/templates/grype-junit.tpl

The above command doesn't work. It created 2 report output but just using the last template which is junit

[willmurphyscode]

Hi @josephlim75 - I think your comment will be easier to track if it's in its own issue. I've opened #1531 as a feature request to request specifying multiple templates. Thanks!