[cmd] parse extends sarif output with extra fields

[andyg32]

There are a few fields in the SARIF specification which would be meaningful to be filled out, but today are not generated into the exported files.

• CodeChecker parse already populates Report objects with review status information, but currently only JSON export makes use of it. This PR adds suppression objects to individual results in the SARIF file, according to the spec, including suppression source (source code comment or review config file) and justification message.
  location.physicalLocation may be added in a follow-up PR.

• SARIF rules[] (~checkers) are extended with defaultConfiguration.level and helpUri fields (spec), corresponding to the severity and doc_url checker labels in CodeChecker config.
  Note that this only applies to the CodeChecker parse command at the moment, which has the analyzer context (including a CheckerLabel object) readily available. Doing the same for the standalone report-converter is an orthogonal task, and might entail bigger refactorings.