uv
ceb00586 - uv audit: `--ignore` and `--ignore-until-fixed` (#18737)

Commit
60 days ago
uv audit: `--ignore` and `--ignore-until-fixed` (#18737)

## Summary

This adds two new options to `uv audit` plus their corresponding config fields: `--ignore` and `--ignore-until-fixed`.

These do pretty much what they say on the tin:

- `--ignore ID` ignores the given vulnerability by ID, unconditionally. Any ID (including aliases) can be used, since it's common for people to use CVE IDs even though we consider PYSEC and OSV "more" canonical.
- `--ignore-until-fixed ID` ignores the given vulnerability by ID *until* a fix version appears.

Both options are additive, i.e. can be passed multiple times.

I've also implemented a `[tool.uv.audit]` section that these will live under on the config side. Please bikeshed the naming, I'm not confident on it!

See https://github.com/astral-sh/uv/issues/18506.

## Test Plan

Added unit tests for both the CLI and config pathways.

---------

Signed-off-by: William Woodruff <william@astral.sh>
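The suppression semantics described in the commit message, modelled as an added example (not uv's code, which is not shown on this page). The `Advisory` record, its field names, the `filter_findings` helper and all advisory IDs are constructed for illustration; exact string matching of IDs is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """Constructed advisory record; field names are assumptions, not uv's types."""
    id: str
    aliases: tuple = ()
    fixed_versions: tuple = ()

    def names(self) -> set:
        # A finding can be referred to by its primary ID or by any alias.
        return {self.id, *self.aliases}


def filter_findings(findings, ignore=(), ignore_until_fixed=()):
    """Split findings into (reported, suppressed).

    ignore:             suppress unconditionally when any ID or alias matches.
    ignore_until_fixed: suppress only while the advisory lists no fix version.
    Both take any number of IDs, mirroring flags that can be passed repeatedly.
    """
    ignore_set = set(ignore)
    until_fixed_set = set(ignore_until_fixed)
    reported, suppressed = [], []
    for adv in findings:
        names = adv.names()
        if names & ignore_set:
            suppressed.append((adv.id, "ignore"))
        elif (names & until_fixed_set) and not adv.fixed_versions:
            suppressed.append((adv.id, "ignore-until-fixed"))
        else:
            # Includes until-fixed entries whose fix has since appeared.
            reported.append(adv.id)
    return reported, suppressed


# Constructed sample findings (placeholder IDs, not real advisories).
SAMPLE = [
    Advisory("PYSEC-0000-0001", ("CVE-0000-00001",), ("2.0.1",)),
    Advisory("PYSEC-0000-0002", ("CVE-0000-00002",), ()),
    Advisory("PYSEC-0000-0003", ("CVE-0000-00003",), ("1.4.0",)),
    Advisory("PYSEC-0000-0004", (), ()),
]

if __name__ == "__main__":
    print(filter_findings(SAMPLE, ignore=["CVE-0000-00001"],
                          ignore_until_fixed=["CVE-0000-00002", "PYSEC-0000-0003"]))
```

The third sample finding shows why the conditional form is the safer default for an accepted risk: once a fix version is listed, the finding is reported again even though its ID is still in the ignore list.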