Track API URL in `.phylum_project` (if not prod)

[kylewillmon]

The .phylum_project file contains the Project ID and (optionally) group name. But it does not contain the API URL. This leads to unknown project errors if a .phylum_project file is, for example, created on staging and then run against prod.

It would be nice if we tracked the API URL in the .phylum_project file. To avoid clutter, we could skip adding the URL if it matches the default (which is prod).

Then, at a minimum, we can check it against the configured URL and give a more reasonable error message. Or, more preferably, we could update the config format to store URL/token pairs, and execute queries against the correct instance per project.

This would also help phylum-ci now that it is using the .phylum_project file to build the project URL (as of phylum-dev/phylum-ci#54)

It's very possible that this idea would cause more trouble than it's worth, but I think it's worth considering.