
Feature: stable API to add additional VulnerabilityService instances for private repositories

Open · davidjmemmett opened this issue 6 months ago · 10 comments

Pre-submission checks

  • [X] I am not reporting a new vulnerability or requesting a new vulnerability identifier. These must be reported or managed via upstream dependency sources or services, not this repository.
  • [X] I agree to follow the PSF Code of Conduct.
  • [X] I have looked through the open issues for a duplicate request.

What's the problem this feature will solve?

I'm switching to pip-audit instead of safety (as safety v3 doesn't support private repositories), and I've written a wrapper around the pip-audit library to add an additional VulnerabilityService instance. In order to accomplish this, I've had to recreate the VulnerabilityServiceChoice enum and override it in my wrapper. As I've also had to import a bunch of other packages from within pip-audit, I've noticed that they're all prefixed with _, which in Python typically means private/"don't rely on this as a stable API".

Describe the solution you'd like

At some point in the future, the private API of pip-audit might change and break my wrapper (described above). A stable API to be able to add additional VulnerabilityService instances would allow organisations with private pip repositories to be able to track and flag vulnerabilities in their private repositories without fear that the tooling may suddenly break without notice.

Additional context

No response

davidjmemmett · Aug 02 '24 15:08
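The issue above describes wrapping pip-audit to plug in a vulnerability service for a private index. The sketch below is an added example, not pip-audit's code and not the issue author's wrapper: pip-audit's `VulnerabilityService` lives in a private module, so nothing here imports `pip_audit`, and the `query(name, version) -> list[Advisory]` contract, the `PrivateIndexService` and `PyPIServiceStub` classes, the `audit` helper and the `PRIVATE_FEED` advisory data are all assumptions constructed to show what a pluggable, organisation-specific service would look like and how several services could be queried together.

```python
"""Pluggable vulnerability service for a private package index (added example).

Assumption: pip-audit's real VulnerabilityService interface is private
(pip_audit._service), so this file defines its own minimal contract instead
of importing it. Names, classes and advisory data are constructed for
illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Protocol


@dataclass(frozen=True)
class Advisory:
    """One finding returned by a service (hypothetical shape)."""
    id: str
    summary: str
    fix_versions: tuple[str, ...]


class VulnerabilityService(Protocol):
    """Assumed contract a stable extension point could expose."""
    def query(self, name: str, version: str) -> list[Advisory]: ...


def _parse_version(version: str) -> tuple[int, ...]:
    # Simplified: dotted integers only. A production service should use
    # packaging.version so pre-releases and local versions are compared correctly.
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in parts)


# Constructed advisory feed for a private index. An organisation would load
# this from its own advisory source; version ranges are [introduced, fixed).
PRIVATE_FEED = {
    "acme-billing": [
        {"id": "ACME-2024-001", "summary": "SSRF in invoice fetcher",
         "introduced": "1.0", "fixed": "1.4.2"},
        {"id": "ACME-2024-007", "summary": "Unsafe YAML load in config loader",
         "introduced": "2.0", "fixed": "2.1.0"},
    ],
    "acme-auth": [
        {"id": "ACME-2023-012", "summary": "Session token reuse after logout",
         "introduced": "0.1", "fixed": "0.9"},
    ],
}


class PrivateIndexService:
    """Matches a dependency against advisories for packages on a private index."""

    def __init__(self, feed: dict) -> None:
        # Package names are case-insensitive; normalise once at load time.
        self._feed = {name.lower(): entries for name, entries in feed.items()}

    def query(self, name: str, version: str) -> list[Advisory]:
        installed = _parse_version(version)
        hits: list[Advisory] = []
        for entry in self._feed.get(name.lower(), []):
            introduced = _parse_version(entry["introduced"])
            fixed = _parse_version(entry["fixed"])
            if introduced <= installed < fixed:
                hits.append(Advisory(entry["id"], entry["summary"], (entry["fixed"],)))
        return hits


class PyPIServiceStub:
    """Stand-in for the public service (PyPI/OSV); reports nothing offline."""

    def query(self, name: str, version: str) -> list[Advisory]:
        return []


def audit(services: list[VulnerabilityService],
          requirements: list[tuple[str, str]]) -> dict[tuple[str, str], list[Advisory]]:
    """Run every registered service over (name, version) pairs and merge findings."""
    findings: dict[tuple[str, str], list[Advisory]] = {}
    for name, version in requirements:
        found: list[Advisory] = []
        for service in services:
            found.extend(service.query(name, version))
        if found:
            findings[(name, version)] = found
    return findings


if __name__ == "__main__":
    # Constructed requirement set mixing public and private packages.
    services = [PyPIServiceStub(), PrivateIndexService(PRIVATE_FEED)]
    reqs = [("requests", "2.31.0"), ("acme-billing", "1.2.0"), ("acme-auth", "0.5")]
    for (name, version), advisories in audit(services, reqs).items():
        for adv in advisories:
            print(f"{name}=={version}: {adv.id} ({adv.summary}); fix: {', '.join(adv.fix_versions)}")
```

The design point for a stable API is the `audit` loop: the caller registers any number of services that honour the same `query` contract, so an internal advisory feed is queried alongside the public one without the wrapper having to reach into private modules or redefine an enum of service choices.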