Allow "acknowledgement" of security issues

Often a project isn't affected by a particular security vulnerability (eg. because the vulnerable code path is never executed in the using application or because other counter measures prevent the vulnerability from being exploited).

Add an option to "acknowledge" (with mandatory comment) a particular vulnerability for a dependency. Of course the acknowledgement should be reset once ANOTHER vulnerability for that dependency gets known.