addon-datastore
Use the VirusTotal API to scan submitted add-ons for malicious content
The scanning implemented in #2660 generally covers cases where an add-on author is unaware of the security risks in their add-on. CodeQL scanning is designed mainly to find security issues introduced by accident or ignorance rather than deliberately malicious code, so a maliciously constructed add-on could be built to pass those checks. Scanning with VirusTotal would additionally catch dangerous add-ons, e.g. add-ons bundled with known malware.
https://docs.virustotal.com/reference/overview
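As an added example (not code from the addon-datastore project), the lookup and decision logic such a check would need, written against VirusTotal API v3's `GET /files/{hash}` report: hash the submitted package, look it up by hash, and turn `last_analysis_stats` into a datastore decision. The sample report, engine names, thresholds and the `reject`/`review`/`pass` outcomes are constructed assumptions.

```python
import hashlib
import urllib.request

VT_API = "https://www.virustotal.com/api/v3"


def sha256_hex(package: bytes) -> str:
    """VirusTotal file reports are keyed by hash, so hash the uploaded .nvda-addon first."""
    return hashlib.sha256(package).hexdigest()


def build_report_request(file_hash: str, api_key: str) -> urllib.request.Request:
    """GET /files/{hash} returns an existing report without uploading the file.
    A 404 means VirusTotal has never seen this hash; the package would then have to be
    uploaded (POST /files) and the analysis polled before a report exists."""
    url = f"{VT_API}/files/{file_hash}"
    return urllib.request.Request(url, headers={"x-apikey": api_key, "accept": "application/json"})


def classify_report(report: dict, malicious_threshold: int = 1, suspicious_threshold: int = 3) -> str:
    """Map last_analysis_stats to a decision (thresholds are assumed policy, not VT's).
    reject: at least malicious_threshold engines call it malicious.
    review: several engines call it suspicious, or there are no engine results to judge
            (a report with zero scanned engines is treated as unknown, not clean).
    pass:   otherwise."""
    stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
    scanned = sum(stats.get(k, 0) for k in ("harmless", "malicious", "suspicious", "undetected"))
    if scanned == 0:
        return "review"
    if stats.get("malicious", 0) >= malicious_threshold:
        return "reject"
    if stats.get("suspicious", 0) >= suspicious_threshold:
        return "review"
    return "pass"


def flagged_engines(report: dict) -> list[str]:
    """Names of engines that flagged the file, for the reviewer's notes."""
    results = report.get("data", {}).get("attributes", {}).get("last_analysis_results", {})
    return sorted(n for n, r in results.items() if r.get("category") in ("malicious", "suspicious"))


# Constructed sample in the shape of a VT v3 file object; engine names are made up.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"harmless": 5, "malicious": 2, "suspicious": 1, "undetected": 60, "timeout": 0},
    "last_analysis_results": {"EngineA": {"category": "malicious"},
                              "EngineB": {"category": "undetected"},
                              "EngineC": {"category": "suspicious"}}}}}

if __name__ == "__main__":
    print(classify_report(SAMPLE_REPORT), flagged_engines(SAMPLE_REPORT))  # reject ['EngineA', 'EngineC']
```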