feat: support SARIF output formatter

[yeshan333]

SARIF (Static Analysis Results Interchange Format) is an OASIS Standard that defines an output file format. The SARIF standard is used to streamline how static analysis tools share their results.

SARIF can be used by GitHub Code Scanning feature, which ill produce reports avaliable from the GitHub Security tab. I haven built a sample repository for the PR, you can use this sample repository to see the general effect.

In Security Tab: https://github.com/yeshan333/luacheck_sarif_report_demo/security/code-scanning

In Pull Request: yeshan333/luacheck_sarif_report_demo#1

[alerque]

Adding the SARIF output format sounds great. I'm sure there is legitimate uses for that ... I'm not convinced showing up in the "security" tab is what we want to have happen though. Most of the code lints luacheck produces are not likely to be security related.

Also a bit of a concern about deterministic testing...see code comments.

[yeshan333]

SARIF is a Standard Static Analysis Results Interchange Format. There are tools such as megalinter that aggregate the scans of multiple tools into a single SARIF report that can be used in a variety of CI systems. It's a bit strange for Github to classify scan results in Security Tab.

[myzhan]

It's awesome! I'm using megalinter in my project, which using multiple languages, including lua. So an united output format is needed.