Add a config file option for issues to ignore

[leanne73]

It would be nice if you could specify CVEs to ignore via a config file, similar to bundler-audit's config file, instead of needing to append them each to the ruby-audit command using -i.

[mikesaelim]

I can take this.

What should happen if someone specifies ignored CVEs through both the -i command line option and the config file? It looks like bundler-audit's logic says: if there are ignored CVEs specified through the -i command line option, then they override whatever is in the config file, instead of adding to it. I'm not so sure about this choice, but maybe it's best to follow the same convention so that users of both ruby_audit and bundler-audit aren't surprised?

Edit: Also, should we use the same default config filename, .bundler-audit.yml? And the same structure? I can see an argument for not wanting to tightly couple our config file to theirs, but I can also see an argument for not making users keep two config files in sync.