Description
Is your feature request related to a problem? Please describe.
When running poutine analyze_org [1], printFindingsPerRule prints information for every rule tested. While this is informative, it seems needlessly verbose given that (i) the rule had no detections, and (ii) this information is summarized at the end.
Rule: CI Component with a Known Vulnerability used
Severity: warning
Description: The workflow or action depends on a GitHub Action with known vulnerabilities.
Documentation: https://github.com/boostsecurityio/poutine/blob/main/docs/content/en/rules/known_vulnerability.md
No findings for this repository
Describe the solution you'd like
A flag allowing you to configure how verbose the output is (not the same as --verbose, I believe).
Describe alternatives you've considered
A few other options I've considered:
- Remove this output unless the rule has a finding by default.
  There is already similar behaviour if an analysis yields no findings:
  Analyzing repositories 100% |████████████████████████████████████████| (16/16) 9:28PM | INFO | No results returned by analysis
- Add a flag to completely disable this output (summary only for quick spot-checks could make sense, but idk).
Additional context
I'm happy to provide a PR for an agreed upon solution.
Footnotes
[1] This may be relevant for other commands. I haven't tested anything else yet.