
Better handling of upstream CVE scans

Today, our environment found an upstream CVE for the first time:

+-------------------+----------------------------------------------------------------------------------+
| Package           | enshrined/svg-sanitize                                                           |
| CVE               | CVE-2023-28426                                                                   |
| Title             | svg-sanitizer has Cross-site Scripting Bypass                                    |
| URL               | https://github.com/advisories/GHSA-xrqq-wqh4-5hg2                                |
| Affected versions | <0.16.0                                                                          |
| Reported at       | 2023-03-20T20:44:30+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

and blocked the updates. Checking why this package is included, we get this:

drupal/svg_image          1.16.0     requires  enshrined/svg-sanitize (>=0.15 <1.0) 
drupal/svg_image_field    2.2.0      requires  enshrined/svg-sanitize (~0.15)       
roave/security-advisories dev-master conflicts enshrined/svg-sanitize (<0.15)   

Now, there are at least 2 issues with this process:

  • The pipeline does not output the test result; it just stops processing, as expected. We need to make sure that the logs show the output in such cases.
  • As we test for this before updating, this will probably never go away. We should test this after composer update to see if the code that is supposed to be deployed contains any upstream CVEs.
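An added example of a job step in the order the two points above ask for (composer update first, composer audit on the updated dependencies afterwards, with the audit output always copied into the job log before the exit status stops the pipeline). This is not code from the issue or the project; the function names and the AUDIT_LOG variable are assumptions, and composer is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not the issue's or the project's own code): a CI job step
# that updates dependencies first and audits the result afterwards, so the
# report covers the code that is actually going to be deployed. Function
# names and the AUDIT_LOG variable are assumptions; composer must be on PATH.

# Run an audit command, always print its output so it lands in the job log,
# then return the command's exit status so the pipeline still stops on findings.
run_audit() {
  audit_log="${AUDIT_LOG:-composer-audit.log}"
  status=0
  # Capture to a file first; "|| status=$?" keeps set -e from exiting
  # before the output has been echoed into the log.
  "$@" >"$audit_log" 2>&1 || status=$?
  echo "== audit output (exit status $status) =="
  cat "$audit_log"
  return "$status"
}

# Pipeline order: update first, then audit what the update installed.
update_then_audit() {
  composer update --no-interaction --no-progress || return $?
  run_audit composer audit --no-interaction
}

# Run the real job only when invoked as "sh ci-audit.sh run".
case "${1:-}" in
  run) update_then_audit ;;
esac
```

Because the audit runs on the updated vendor tree, an advisory such as the one above is reported against the versions that would actually ship, and the table is in the job log even though the job fails.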
Edited by jurgenhaas