Consider showing composer audit results in a report

Created on 19 June 2025, 4 days ago

Problem/Motivation

Spin-off from "Look into skipping audit of composer operations in package manager".

The composer audit command shows whether there are any CVEs associated with composer dependencies.

The update status module shows security updates from Drupal.org's update XML; however, it doesn't currently show vulnerabilities in other composer dependencies.

It would be possible to extend the report to show these by using package_manager's ability to run composer commands. It could only be done when package_manager is enabled, though.

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

Feature request

Status

Active

Version

11.0

Component

update.module

Created by

🇬🇧United Kingdom catch
