Provide info about configuration and project name for vulnerable dependency

[ov7a]

Currently, the report looks like this:

While it's great that it points to settings.gradle.kts, but it's unclear from a get-go where exactly the dependency comes from (production/tests, direct/transitive, project/plugin/version catalog/included build/build logic etc)

It would be nice to have at least project name and configuration name in the description

[bigdaz]

We tried, but there's no mechanism in the GitHub Dependency Graph API to map a dependency to a particular project/configutration, without having a separate vulnerability alert reported for every project/configuration that uses the dependency.

This readme partly explains the reason for this: https://github.com/gradle/actions/blob/main/docs/dependency-submission-faq.md#why-arent-dependencies-be-linked-to-the-source-file-where-they-are-declared

The team at GitHub are aware of this limitation, and we've discussed plans to improve this in the future.