Quality-report

* Removed the additional_resources option to add extra urls to projects.

* Better norm description for the ZAP Scan alerts metrics.
* Create separate requirement for the ZAP Scan alerts metrics to ease introduction: `requirement.OWASP_ZAP`.

* Support for the ZAP Scan report. To use it, in the project definition, create the metric source:
`ZAP_SCAN_REPORT = metric_source.ZAPScanReport()`
Add the metric source to the project:
`PROJECT = Project(..., metric_sources={metric_source.ZAPScanReport: ZAP_SCAN_REPORT})`
And then specify for each product the security requirement and where its ZAP Scan report can be found:
`PRODUCT = Product(requirements=[requirement.OWASP], metric_source_ids={ZAP_SCAN_REPORT: 'http://url/to/report.html'}`
This will cause the report to contain to new metrics: `metric.HighRiskZAPScanAlertsMetric` and
`metric.MediumRiskZAPScanAlertsMetric`.

* Split the OWASP dependency warning metric into two metrics, one for high priority warnings and one for normal
priority warnings.

* Bug fix: Two metrics had no proper name in the help information.

* Use condensed-table style for the dashboard so it takes a little bit less space.