In #234 @colesmj suggested to move the import of pydal into the sqlDumb
function.
This commit does this and if the import fails raises an UIError with an
explanation on how to proceed.
The text is just a first draft.

To move the import the function get_table was also moved inside the
sqlDump function.

Added a first draft for #234

updating breaking version of OSS scorecard-action

Update scorecard.yml

In threats.json the two properties ("prerequisites", "Likelihood Of Attack") are defined, but are not used in the
rest of pytm.

This commit adds the two properties to the Threat class, so they can be
used by other parts of pytm.

For me this was relevant, since I started to experiment with a different
format for threats mentioned in #237 .
And after exporting threat.json to a markdown format and back into
threat.json these two fields where missing.

Demo-ing the reveal template.

Added `prerequisites` and `likelihood` to Threat

When pytm was run with the `--sqldump` flag with the example `tm.py` from
the repository the execution failed with

```
AttributeError: 'str' object has no attribute 'name'"
```

This was caused by the `assumptions` attribute
https://github.com/izar/pytm/blob/6ca9f75ddaa5bda3503a6b8cbce5e6700e03e644/tm.py#L20-L22

When dumping the model into the database all attributes of the TM class are turned into
strings, by first turning the obj into a dictionary, where specific
attributes are removed and some are converted, and then each value in
the dictionary are turned into strings.

This filtering and conversion is done by the `serilaize(obj, nested=False)` function.
`sqlDump` transforms the values into strings.

The problem in #221 was that when `nested` is false the default behavior
of `serialize()` is to assume that any list of values holds objects which
have either a `.name` or are an instance of `Finding`.
Since `assumptions` is a list of strings this fails.

The fix was to add `assumptions` to an already existing check for
similar attributes.
Also the check was changed from `i == x or ...` to an `in` check.

But to be honest this code is very complex and holds many assumptions,
which are not true for all classes and is constantly checking the
type of the class.
Maybe it would be best to write specific serialize functions for some
classes, and only have a genral serialize function which takes in an
object and a blacklist of attributes.
The `to_serializable` singledispatch function already crates special
functions for each class for the JSON conversion, maybe this can be
extended.

Fixed #221 Got an error "AttributeError: 'str' ...

Revealjs & update scorecard action version