Suggestion: Support tool plug-ins

[ghost]

Suppose you have an analysis tool MyTool.exe that accepts plug-ins, for example ContosoSecurityRules.dll. SARIF has no way to specify the versions of the plug-ins that the tool is using.

Worse than that: if your tool specifies plug-ins on the command line, then at least they'll show up in the invocation.commandLine property. But of your tool finds plug-ins by looking in a well-known directory, then they won't be on the command line, and even the names of the plug-ins won't appear in the SARIF file.

Proposal:
Define a plugIn object with properties fileLocation (of type fileLocation) and version (of type string). Give tool a new property plugIns of type "array of plugIn".

[ghost]

Probably the plugIn object would have the same set of versioning properties that tool does: version, semanticVersion, and fileVersion (but not sarifLoggerVersion).

[michaelcfanning]

@lgolding this is a duplicate of #179, can we close this one or the other?

[ghost]

@michaelcfanning Yes, it is a duplicate. I'll close this one, and paste the specific proposals I made here into #179.