* Add owasp dependency scan
* Add github action to upload results
* Remove unused javalin dependency, also generate html reports
* formats instead of format
* Restore javalin dependency (make revert easier later if necessary)
* Set OWASP to run on PR plus better names for sarif upload
