Ability to create VEX documents from triaging scanner results

VEX documents are intended to be created in response to vulnerability scan results. We should have a way in `vexctl` to make it easy to react to claims made by vulnerability scanners and encode the conclusion(s) as VEX data.

The VEX data produced should be able to be used immediately to filter out results from the given vulnerability scan report.