Add "Security" check: project has published a CVE

[caniszczyk]

We should check that a project has published a CVE

https://github.com/containerd/containerd/security/advisories

It shouldn't have a ton of weight but it's a good practice for projects to do so

[tegioz]

It looks like the Github GraphQL API doesn't allow yet to query security advisories by repository (Rest API doesn't expose this information). Will keep an eye on it though.