Support for Bazel pinned maven_install.json files

[dhalperi]

Is your feature request related to a problem? Please describe.

This is a new type of Java lockfile (think: requirements.txt produced by something like pip-compile).

Describe the solution you'd like
It would be nice if DependencyCheck supported it. Since all dependencies are fully transitively resolved,
I believe that all that needs to be done is creating a virtual dependency corresponding to each dependency.

Describe alternatives you've considered
I thought about:

• producing a bundle jar, and scanning that. Seems heavyweight and relies on the bundling process not to lose any versions.

• auto-generating another manifest (pom.xml?). If DependencyCheck supports scanning a pom.xml in isolation, great. But if not, we recurse. Either way, seems simpler to support this format.

Additional context

For more info, see: https://github.com/bazelbuild/rules_jvm_external/#pinning-artifacts-and-integration-with-bazels-downloader

Note: This is not a niche homegrown thing, but a standard used in increasingly many projects. GitHub search of a sentinel used in the pinned file finds 175 repos at the time of writing: https://github.com/search?q=THERE_IS_NO_DATA_ONLY_ZUUL&type=code

[OrangeDog]

175 repos is indeed very niche.