Allow filtering security updates by version scope and CVSS severity

[kalabyshau]

Please add the ability to filter or block security updates in Renovate based on:

• Version impact (e.g., allow only patch/minor security updates)
• CVSS severity level (e.g., apply major upgrades only for high/critical CVEs)

A major update might have only a low or medium severity vulnerability, yet it can still break the entire grouped PR by introducing breaking changes, making it risky to merge alongside safe updates.

[gabriella-speariett]

I'd also love to be able to do some filtering based on the severity of a vulnerability