dependency-track
Add property to control "Verified" flag in DefectDojo integration
Current Behavior
Dependency-Track always sets the "Verified" flag when uploading findings to DefectDojo, and this is hard-coded:
- https://github.com/DependencyTrack/dependency-track/blob/4.10.1/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java#L69
- https://github.com/DependencyTrack/dependency-track/blob/4.10.1/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java#L176
Proposed Behavior
Usually, the "Verified" flag is set when testers have successfully exploited a vulnerability, i.e. it is set only manually. The automatic setting of the flag disrupts the vulnerability analysis process.
I suggest adding another property to the project settings to control the desired state of the flag.
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested
See also https://github.com/DependencyTrack/dependency-track/discussions/2431
This is from DefectDojo: