auditjs
Add recursive scan of file system outside of node_modules
The third party API for IQ now accepts sha1 hashes
Plan is to do an async recursive scan concurrently with any processes that occur before the submission of the cyclonedx bom to IQ Server, at which point we can append all the hashes and get package level results for node-managed deps, and file level implications for everything outside of it
Should be toggled by a flag as I expect this will increase scan times quite a bit, but this will allow auditjs to be functionally similar to the IQ CLI
Currently occurrences are a blocker for this as file level results are kind of useless without it.
Also need to figure out a way to deal with duplicates for the same component.
I'm of the opinion that we should run the cyclonedx scan for any node_modules we find in a deep scan as that would handle most of the noise, and then do the individual file level results for everything else.
For individual js or minified js files that are not brought in by npm, I would want a line item for each one anyway as each would be an instance that needs to be managed or removed.