What are you trying to do?
I want this plugin to automatically remediate vulnerable dependencies in my project.
What feature or behavior is this required for?
Automatic vulnerability remediation
How could we solve this issue? (Not knowing is okay!)
After a scan, query SonatypeIQ for the scan results. For each vulnerable dependency with an available fix, update the Gradle project with a non-vulnerable version suggested by SonatypeIQ. When the dependency version is explicitly specified in build.gradle, gradle.properties, or a local version catalog, simply replace the version. For direct dependencies where the version is determined implicitly from a BOM, add the direct dependency (if necessary) to the appropriate configuration and update its version wherever the project keeps its dependency versions. For transitive dependencies, add the transitive dependency to a constraint block against the appropriate configuration and update its version wherever the project keeps its dependency versions.
Anything else?
Isolate this functionality in a separate task dependent on the scan task. Allow configuration to include/exclude dependencies from the update. Allow configuration to include/exclude threat levels from the update.
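The three remediation cases described in the request, written out as the Gradle Kotlin DSL edits a remediation task would produce. This is an added illustration, not code from the plugin or from Sonatype; every coordinate and version below is made up.

```kotlin
// build.gradle.kts (added illustration; all coordinates and versions are invented)
plugins {
    `java-library`
}

repositories {
    mavenCentral()
}

dependencies {
    // Case 1: version declared explicitly in the build script.
    // Before remediation: implementation("com.example:parser:1.4.0")
    // After: the version string is replaced with the fixed version IQ suggested.
    implementation("com.example:parser:1.4.2")

    // Case 1b: version kept in a local version catalog (gradle/libs.versions.toml).
    // The build-script line itself does not change; the remediation edits the
    // [versions] entry in the catalog instead (e.g. jsonlib = "3.1.0").
    // implementation(libs.jsonlib)

    // Case 2: direct dependency whose version came implicitly from a BOM.
    // Before: implementation(platform("com.example:platform-bom:2.0.0"))
    //         implementation("com.example:http-client")   // version taken from the BOM
    // After: the platform import stays and an explicit version is added to the
    // direct dependency. Gradle's default conflict resolution picks the highest
    // version seen, so the explicit version wins over the BOM's older one.
    implementation(platform("com.example:platform-bom:2.0.0"))
    implementation("com.example:http-client:4.5.1")

    // Case 3: transitive dependency (never declared here) with a known fix.
    // A constraint against the configuration that pulls it in raises every path
    // through the graph to at least the fixed version without adding a direct use.
    constraints {
        implementation("com.example:transitive-xml:2.9.3") {
            because("remediation: fixed version suggested by Sonatype IQ (illustrative)")
        }
    }
}
```

After applying such edits, `./gradlew dependencies --configuration runtimeClasspath` shows the resolved versions, which is the check that the constraint or explicit version actually took effect.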
cc @bhamail / @DarthHater / @guillermo-varela / @shaikhu