Extend composer audit

Some projects do not always use the latest version of each package, especially from the lakedrops namespace. This is due to dependency issues, but this often remains unnoticed. We should create reports on such scenarios so that we can do something about it.

In that context, let's review mxr576/ddqg-composer-audit for audits. This extends composer audit such that it also reports about Drupal specific CVEs. We could add this to our pipelines to get more insight.