Refine justifier.py script and add to pipeline so vendors can get feedback on inherited findings

Vendors would like to know which of their vulnerabilities are inherited from the base image when they retrieve an all-scans.xlsx file. In order to do that, we need to run the justifier.py script in the pipeline to generate this.

However, there are some aspects of the justifier.py script which need to be buttoned up. This needs to take place prior to implementing the script in the pipeline.