Jenkins-x dev repo configurable security allowances

[tomhobson]

We want some dev repo configuration so that when a pipeline is running and there are some security issues detected we set the allowable level and the contractable parties when that level is exceeded.

For example, larger organisation have security teams that will need to review any possible vulnerabilities, whereas other teams may be happier with the codeowner being @'d when there is a security issue