
Produce SARIF report and exit

Open · jrarmstro opened this issue 7 months ago · 1 comment

Is your feature request related to a problem? Please describe.

Creating a comment every time a commit is pushed to a PR is a non-starter for us. We would prefer to just upload the vulns to GHAS.

Describe the solution you'd like to see

The ability to tell Frogbot to scan for vulns on the filesystem, produce a SARIF report, and then exit would be preferable. This way we can interact with the vulnerabilities found by Frogbot in any way we wish.

This would allow folks to work around issues like #158.

Describe alternatives you've considered

There doesn't seem to be any other way to get the SARIF data from Frogbot. We could use jf xr directly, but then we lose out on Frogbot's ability to automatically detect the dependencies in use.

jrarmstro · Nov 23 '23 16:11