This repository has been archived by the owner on Oct 31, 2023. It is now read-only.

IgnorePathIssues config option to treat some issues as non-fatal #14

Closed

@rvagg rvagg commented Jan 22, 2020

I'm getting notarization working for our Node.js .pkg files (ref nodejs/node#29216) using gon but we have a small problem: there are binaries deep inside the pkg (inside a pkg for npm which is inside the pkg) that are neither signed nor hardened. It's a minor dependency of npm that's not essential to installing Node and it'll only be encountered on command-line usage so ought to not be a problem for users.

Apple passes the notarization but reports 3 "issues" for this particular file; because of #6, any issues are treated as fatal. But in this case, it doesn't appear to cause any problems for the package; it can be installed and used just fine even with this unsigned executable inside it.

So, this PR is a suggestion of a way around that. It lets you keep the #6 behaviour and lets users of gon opt-in to treating certain issues as non-fatal by matching the "path" reported by Apple for each issue. Happy to adjust as needed to fit nicely with the rest of the tool, or perhaps you have a suggestion for an alternative route?

Here's a copy of a log with these issues so you can see what we're dealing with: https://gist.github.com/rvagg/d9befda67accfe1355f7cf6da399980b, it results in this stderr:

    3 issues during notarization:
    Issue #1 (warning) for path "node-v14.0.0-nightly202001223e5fd51bb9.pkg/npm-v6.13.6.pkg Contents/Payload/usr/local/lib/node_modules/npm/node_modules/term-size/vendor/macos/term-size": The binary is not signed.
    Issue #2 (warning) for path "node-v14.0.0-nightly202001223e5fd51bb9.pkg/npm-v6.13.6.pkg Contents/Payload/usr/local/lib/node_modules/npm/node_modules/term-size/vendor/macos/term-size": The signature does not include a secure timestamp.
    Issue #3 (warning) for path "node-v14.0.0-nightly202001223e5fd51bb9.pkg/npm-v6.13.6.pkg Contents/Payload/usr/local/lib/node_modules/npm/node_modules/term-size/vendor/macos/term-size": The executable does not have the hardened runtime enabled.
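
The opt-in described in this comment, sketched as an added example that is not the PR's code or gon's: issues from a notarization log are split into fatal and ignored by matching each reported path against an explicit ignore list. The `Triage` function, the use of `path.Match` patterns, the JSON field names and the shortened sample paths are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
)

// Issue holds the fields used here from one entry of the log's "issues" array.
type Issue struct {
	Severity string `json:"severity"`
	Path     string `json:"path"`
	Message  string `json:"message"`
}

// Constructed sample: package names shortened, third issue invented for contrast.
const termSize = "node.pkg/npm.pkg Contents/Payload/usr/local/lib/node_modules/npm/node_modules/term-size/vendor/macos/term-size"
const sampleLog = `{"status":"Accepted","issues":[
 {"severity":"warning","path":"` + termSize + `","message":"The binary is not signed."},
 {"severity":"warning","path":"` + termSize + `","message":"The executable does not have the hardened runtime enabled."},
 {"severity":"warning","path":"node.pkg/node.pkg Contents/Payload/usr/local/bin/node","message":"The binary is not signed."}]}`

// Triage ignores an issue only when its whole path matches an ignore pattern
// (path.Match syntax, where "*" never crosses "/"); everything else stays fatal.
func Triage(logJSON []byte, ignore []string) (fatal, ignored []Issue, err error) {
	var doc struct{ Issues []Issue `json:"issues"` }
	if err = json.Unmarshal(logJSON, &doc); err != nil {
		return nil, nil, err // an unreadable log is never treated as clean
	}
	for _, is := range doc.Issues {
		dst := &fatal // default: fatal unless explicitly matched
		for _, pat := range ignore {
			ok, merr := path.Match(pat, is.Path)
			if merr != nil {
				return nil, nil, fmt.Errorf("bad ignore pattern %q: %w", pat, merr)
			}
			if ok {
				dst = &ignored
			}
		}
		*dst = append(*dst, is)
	}
	return fatal, ignored, nil
}

func main() {
	fatal, ignored, err := Triage([]byte(sampleLog), []string{termSize})
	fmt.Println(len(fatal), len(ignored), err) // fatal count, ignored count, error
}
```

Matching the full path rather than a substring keeps the exemption scoped to the one known file, so a new unsigned binary elsewhere in the package still fails the build.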


rvagg commented Jan 22, 2020

It seems like maybe this is irrelevant; if Apple is just going to turn them back into fatals next month then we can't ignore them: nodejs/node#31459 (comment)


gdams commented Jan 23, 2020

Yeah, I propose we close this out as it's going to stop working next month.


rvagg commented Jan 24, 2020

There are some tests in here that might be useful even if I remove the new config options; @mitchellh let me know if you would like me to refactor it to just the tests for existing code, or if they're not worth the bother.

@rvagg rvagg closed this Jun 24, 2021