
Conversation

Collaborator

@sacha-c sacha-c commented Dec 5, 2024

This PR reworks the CLI interface as discussed in #17

What changed in the interface

  • removal of testing flag
  • removal of public-slack-channel (rationale: configurators of the cli should be responsible for using a public or private channel)
  • rename and group gitlab-groups and gitlab-projects under a generic url flag
    • This --url flag accepts lists of URLs which have a supported platform scheme, and a project or group as the path. For example gitlab://path/to/my/group, or gitlab://path/to/my/namespace, and soon to include github://user/project
  • rename report-slack-channel to report-to-slack-channel
  • rename report-slack-project-channel to report-enable-project-report-to
  • rename report-gitlab-issue to report-to-issue
  • add report-to-email which does nothing for the moment.
  • adds some short aliases for config and verbose

What changed in gitlab logic
Now that paths can be either a group or a project, the logic was changed to:

  1. Try getting the path as a group.
    • If it succeeds, return that group's projects
    • If it fails, try getting the path as a project

The nice thing is that I found out that the gitlab API accepts the path instead of an actual ID, and this simplifies the gitlab logic we had in place 😄 (before we were using the search API to actually find the group, in order to use its real ID, etc., so we were making more API calls than we now are)

NAME:
   sheriff patrol - Tell sheriff to patrol a GitLab group looking for vulnerabilities

USAGE:
   sheriff patrol [command options]

DESCRIPTION:
   Sheriff will patrol a GitLab group looking for vulnerabilities in the dependencies of the projects in the group.

   You can configure the behavior of Sheriff by providing various flags. (see OPTIONS)
   In addition, you can create a configuration file named sheriff.toml in the current directory. Sheriff will look for this file by default, but you can specify a different configuration file with the --config flag.
   This file is formatted in TOML and can contain any of the flags that can be set on the command line under the 'Reporting' category.


OPTIONS:
   --config value, -c value  (default: "sheriff.toml")

   Miscellaneous:

   --verbose, -v  Enable verbose logging (default: false)

   Reporting (configurable by file):

   --report-enable-project-report-to                    Enable project-level configuration for '--report-to'. (default: true)
   --report-to-email value [ --report-to-email value ]  Enable reporting to the provided list of emails
   --report-to-issue                                    Enable or disable reporting to the project's issue on the associated platform (gitlab, github, ...) (default: false)
   --report-to-slack-channel value                      Enable reporting to the provided slack channel
   --silent                                             Disable report output to stdout. (default: false)

   Scanning (configurable by file):

   --url value [ --url value ]  Groups and projects to scan for vulnerabilities (list argument which can be repeated)

   Tokens:

   --gitlab-token value  Token to access the Gitlab API. [$GITLAB_TOKEN]
   --slack-token value   Token to access the Slack API. [$SLACK_TOKEN]
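The two pieces the description above lays out, parsing `--url` values of the form `scheme://path` and resolving each GitLab path as a group first and a project second, as an added Go example; this is not code from the PR or from the sheriff code base. `ParseURLs`, `GatherProjects`, the function-typed `GitLabClient` and the in-memory `NewFakeGitLab` data are assumptions made for the example, and the sample paths under `acme/` are constructed. The one GitLab fact it relies on is the one the description states: the API takes the URL-encoded full path wherever it takes a numeric ID.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ParseURLs validates every --url value up front and groups namespace paths by platform
// scheme. One bad entry fails the whole call, so a typo cannot silently shrink the scan.
func ParseURLs(raw []string) (map[string][]string, error) {
	byPlatform := map[string][]string{}
	for _, r := range raw {
		u, err := url.Parse(r)
		if err != nil {
			return nil, fmt.Errorf("url %q: %w", r, err)
		}
		if (u.Scheme != "gitlab" && u.Scheme != "github") || u.Opaque != "" || u.User != nil || u.RawQuery != "" {
			return nil, fmt.Errorf("url %q: expected gitlab://namespace/path or github://owner/repo", r)
		}
		// url.Parse puts the first segment of "gitlab://a/b/c" into Host; rejoin it.
		path := strings.Trim(u.Host+u.Path, "/")
		// The path is later embedded in an API URL, so refuse empty, "." and ".." segments.
		for _, seg := range strings.Split(path, "/") {
			if seg == "" || seg == "." || seg == ".." {
				return nil, fmt.Errorf("url %q: missing or invalid path segment %q", r, seg)
			}
		}
		byPlatform[u.Scheme] = append(byPlatform[u.Scheme], path)
	}
	return byPlatform, nil
}

type Project string // a project's full path; the real scanner carries more fields (assumed)
var ErrNotFound = errors.New("not found") // stands in for the API's 404

// GitLabClient is the slice of the API the resolver needs (assumed, not the real client).
// Both calls take the full path, which GitLab accepts in place of a numeric ID.
type GitLabClient struct {
	ListGroupProjects func(groupPath string) ([]Project, error) // the group and its subgroups
	GetProject        func(projectPath string) (Project, error)
}

// GatherProjects tries each path as a group first, then as a project. Paths that are neither
// are collected into a warning; any other error (bad token, network) aborts the run instead.
func GatherProjects(c GitLabClient, paths []string) ([]Project, error) {
	var out []Project
	var missing []string
	for _, path := range paths {
		found, err := c.ListGroupProjects(path)
		if errors.Is(err, ErrNotFound) { // not a group: fall back to a single project
			p, perr := c.GetProject(path)
			found, err = []Project{p}, perr
		}
		switch {
		case errors.Is(err, ErrNotFound):
			missing = append(missing, path)
		case err != nil:
			return nil, fmt.Errorf("resolving %q: %w", path, err)
		default:
			out = append(out, found...)
		}
	}
	if len(missing) > 0 {
		return out, fmt.Errorf("not found as group or project: %s", strings.Join(missing, ", "))
	}
	return out, nil
}

// NewFakeGitLab is a constructed in-memory client so the example runs offline.
func NewFakeGitLab() GitLabClient {
	groups := map[string][]Project{"acme/platform": {"acme/platform/api", "acme/platform/web"}}
	projects := map[string]bool{"acme/platform/api": true, "acme/platform/web": true, "acme/tools/cli": true}
	return GitLabClient{
		ListGroupProjects: func(p string) ([]Project, error) {
			if ps, ok := groups[p]; ok {
				return ps, nil
			}
			return nil, ErrNotFound
		},
		GetProject: func(p string) (Project, error) {
			if projects[p] {
				return Project(p), nil
			}
			return "", ErrNotFound
		},
	}
}

func main() {
	byPlatform, err := ParseURLs([]string{"gitlab://acme/platform", "gitlab://acme/tools/cli", "gitlab://acme/archive"})
	if err != nil {
		panic(err) // a real CLI would print the error and exit non-zero
	}
	projects, warn := GatherProjects(NewFakeGitLab(), byPlatform["gitlab"])
	fmt.Println("projects:", projects, "warning:", warn)
}
```

Run it with `go run`. Two choices are deliberate: a malformed `--url` (unsupported scheme, empty path, a `..` segment that would otherwise be spliced into an API URL) fails the whole list instead of being skipped, so a typo cannot silently drop a group from the patrol; and only the not-found case is downgraded to a warning, so an expired or under-scoped `GITLAB_TOKEN` aborts the run rather than reading as an empty group.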

@sacha-c sacha-c force-pushed the rework-cli-options branch from 92fc848 to 29df26b Compare December 5, 2024 09:17
@github-actions github-actions bot added feature and removed feature labels Dec 5, 2024
@sacha-c sacha-c requested a review from scastlara December 5, 2024 10:08
Collaborator

@scastlara scastlara left a comment

This is great! Thank you for this work 🚀

All comments are mostly nits, I am happy with this as is!

Maybe the README needs some love to show how to use this?

zerolog.Warn().Msg("Testing mode enabled. This may enable features that are not safe for production use.")
publicChannelsEnabled = cCtx.Bool(publicSlackChannelFlag)
// Parse options
locations, err := parseUrls(cCtx.StringSlice(urlFlag))
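Review bot: `locations, err := parseUrls(cCtx.StringSlice(urlFlag))` is the only validation point for `--url`, and the snippet stops before `err` is checked; make sure an entry with an unsupported scheme, an empty path or an odd segment fails the command with the offending value in the message rather than being dropped from `locations`, because a silently skipped URL is a group that never gets patrolled.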
Collaborator

Ah, if only there was a way to cast/validate directly in the cli...

// This function receives a list of paths which can be gitlab projects or groups
// and returns the list of projects within those paths and the list of projects contained within those groups and their subgroups.
func (s *service) gatherProjectsFromGroupsOrProjects(paths []string) (projects []gitlab.Project, warn error) {
for _, path := range paths {
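Review bot: the named return `warn error` on `gatherProjectsFromGroupsOrProjects` suggests a path that resolves as neither group nor project is reported as a warning and the loop continues; the doc comment should say so, and the group-then-project fallback should only swallow the not-found case, so that an expired or under-scoped `GITLAB_TOKEN` (which also fails the group lookup) surfaces as an error rather than as an empty project list.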
Collaborator

shall we goroutine it?

Collaborator Author

Agreed! But let's do this in a separate PR. I gave it a quick try and I don't find our goroutine implementations super clear; maybe we can review them a little.

Collaborator

Totally!

@sacha-c sacha-c force-pushed the rework-cli-options branch from 29df26b to 47f3a18 Compare December 5, 2024 10:59
@github-actions github-actions bot added feature and removed feature labels Dec 5, 2024
@sacha-c sacha-c merged commit 847410b into main Dec 5, 2024
3 checks passed
@sacha-c sacha-c deleted the rework-cli-options branch December 23, 2024 11:14