Description
Pre-submission checks
- I am not reporting a bug (crash, false positive/negative, etc). These must be filed via the bug report template.
- I have looked through the open issues for a duplicate request.
What's the problem this feature will solve?
I'm interested in defining a custom persona. I believe this might supersede #435 in a way that's a little less uncomfortable than allowing generic ignores. It could also simplify or subsume #396.
An example driver would be the desire to include un-hashed references in the default persona, but not other pedantic findings, while reducing the severity of injection findings. This could represent the threat model of a private repository that is sensitive to supply-chain attacks but not to attacker-controlled workflow events.
Describe the solution you'd like
Expand zizmor config to include a `personas:` section. Each persona should be able to identify which findings are "of interest" to that persona, such that they're emitted when that persona is selected but not otherwise.
It might also be valuable to allow the Persona to set the severity of an issue. Referencing the use case in #396, a "trusted" persona might omit some findings entirely, and reduce the severity of other findings while still including them.
Additional context
No response
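
A sketch of the semantics requested above, added here as an illustration; it is not part of the original issue and not zizmor's code or config schema. The persona keys (`base`, `include`, `omit`, `severity`), the function name, and the sample findings with their severities are all assumptions made for the example.

```python
from dataclasses import dataclass, replace

# Built-in personas, ordered from least to most noisy.
LEVELS = {"regular": 0, "pedantic": 1, "auditor": 2}

@dataclass(frozen=True)
class Finding:
    audit: str      # audit identifier
    persona: str    # built-in persona at which the finding is normally emitted
    severity: str
    location: str

# Hypothetical custom persona for the issue's example driver: a private repo
# that cares about supply-chain pinning but less about injection findings.
PRIVATE_REPO = {
    "base": "regular",
    "include": [{"audit": "unpinned-uses", "persona": "pedantic"}],
    "omit": [],
    "severity": {"template-injection": "low"},
}

def apply_persona(findings, persona):
    """Return the findings a custom persona emits, with severity overrides."""
    emitted = []
    for f in findings:
        if f.audit in persona.get("omit", ()):
            continue  # dropped entirely for this persona
        in_base = LEVELS[f.persona] <= LEVELS[persona["base"]]
        opted_in = any(
            rule["audit"] == f.audit and LEVELS[f.persona] <= LEVELS[rule["persona"]]
            for rule in persona.get("include", ())
        )
        if not (in_base or opted_in):
            continue  # not "of interest" to this persona
        severity = persona.get("severity", {}).get(f.audit, f.severity)
        emitted.append(replace(f, severity=severity))
    return emitted

# Constructed sample findings (names of the third audit and all severities are made up).
SAMPLE = [
    Finding("unpinned-uses", "pedantic", "low", "ci.yml:12"),
    Finding("template-injection", "regular", "high", "ci.yml:30"),
    Finding("other-pedantic-audit", "pedantic", "low", "ci.yml:41"),
]

if __name__ == "__main__":
    for f in apply_persona(SAMPLE, PRIVATE_REPO):
        print(f.location, f.audit, f.severity)
```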