Motivate the need for need/use for this scanner based on existing known vulnerabilities

[ericcornelissen]

Summary

I was browsing to the GitHub Advisory Database for the GitHub Actions ecosystem (looking for potential additions to the ADES2XX rules) and noticed some vulnerabilities that would have been avoided by using this project. For now I'll keep a list here but at some point maybe it makes sense to add it to the documentation.

From new to old:

Advisory	Relevant	-conservative
GHSA-cxww-7g56-2vh6	No	-
GHSA-7x29-qqmq-v6qc	Yes	Yes
GHSA-xj87-mqvh-88w2	Yes	No
GHSA-7f32-hm4h-w77q	No	-
GHSA-ghm2-rq8q-wrhc	Yes	No
GHSA-mcph-m25j-8j63	Yes	No
GHSA-99jg-r3f4-rpxj	No	-
GHSA-8v8w-v8xg-79rf	Yes	Yes
GHSA-hw6r-g8gj-2987	Yes	Yes
GHSA-h3qr-39j9-4r5v	No	-
GHSA-rg3q-prf8-qxmp	Yes	Yes
GHSA-6q4m-7476-932w	Yes	Yes
GHSA-p756-rfxh-x63h	No	-
GHSA-2c6m-6gqh-6qg3	No	-
GHSA-f9qj-7gh3-mhj4	No	-
GHSA-4xqx-pqpj-9fqw	Yes	Yes
GHSA-634p-93h9-92vh	No	-
GHSA-g86g-chm8-7r2p	No	-
GHSA-4mgv-m5cm-f9h7	No	-

Where Relevant means the vulnerability is caused by the use of workflow expressions and -conservative indicates if the problem would be found by ades when using the -conservative flag.