Add output format for "quay"

[crozzy]

This came up and wanted to formulate the idea here.

Background

The clair output format is the format that clair returns by default when requesting a vulnerability-report, this format is documented extensively here: https://github.com/quay/clair/blob/main/Documentation/reference/api.md#matcher. This works well as a lot of our consumers are going to be already familiar with that format.

Proposal

Some consumers of this project will be used to ingesting data directly from Quay, specifically the sec scan API, this is essentially the same data contained in the clair format but parsed differently. The proposal is to add a quay format that replicates the secscan API response format.

This seems like a useful feature, but I'm a little worried about the maintainability of such a feature.

[crozzy]

#5 potential implementation

[jsztuka]

Expanding clair action with "quay" format in output would be much appreciated. Thanks to its simplicity its easy to parse individual vulnerabilities and its packages. This format would definetly find its role within HACBS-Test stream.