harbor
Add option to, on prevented pull, tell exactly which CVE was blocking
When trying to pull an image that is blocked by 'Prevent vulnerable images from running.', the user only sees this message:
Error response from daemon: unknown: current image with 4 vulnerabilities cannot be pulled due to configured policy in 'Prevent images with vulnerability severity of "Critical" or higher from running.' To continue with pull, please contact your project administrator to exempt matched vulnerabilities through configuring the CVE allowlist. (manager.go:250:0s)
It would be helpful if they were able to see exactly which CVEs are blocking.
You could also query in the Security Hub to find out the image with critical CVEs.