Add CVE issues to envoy.dependency.check #192
Description
Currently, in Envoy CI, when a failing CVE is found for a dep the job errors until the issue is resolved by the dep being updated, or the CVE being excluded.
Often this is not noticed immediately.
If we instead of erroring, just warned that there is a failing CVE in CI, and then - as we do with "Newer release" tickets - created a ticket that a "Dependency CVE issue" had been found, we would more likely notice, have something to close through resolution, and the checker wouldnt error, unless something unexpected happened
We can fairly easily repurpose the release-issues check to achieve this, altho it will take a little refactoring to handle multiple issue trackers/issue types