Open
Labels: Area:NuGetAudit, Functionality:VisualStudioUI (Package Manager UI et al), Priority:2 (Issues for the current backlog), Product:VS.Client, Product:dotnet.exe, Type:Feature
Description
NuGet Product(s) Involved
Visual Studio Package Management UI, dotnet.exe
The Elevator Pitch
As part of the "Prevent" side of the Know, Prevent, Fix framework, our next task is to ensure that package operations are blocked, or the user is warned, whenever a user attempts a package operation such as installing or updating to a package version that carries known vulnerability or deprecation metadata.
This experience can reuse the existing confirmation dialogs in Visual Studio; on the command line it can provide a y/n confirmation prompt for the user to continue.
A dialog may say something similar to:
You are attempting to install a package that has been flagged as deprecated or contains known security vulnerabilities. Installing this package may pose a risk to your project's security and stability.
Package Name: [Package_Name]
Version: [Version_Number]
Vulnerability/Deprecation Details: [Brief description of the vulnerability or reason for deprecation, if available]
It is recommended to either update to a newer, secure version of this package or choose an alternative package.
Do you want to continue with the installation/update?
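As an added illustration of the decision logic behind such a dialog (example code written for this issue, not NuGet's own implementation), the function below reads the `vulnerabilities` and `deprecation` members as they appear in a NuGet V3 registration catalogEntry, builds the prompt text sketched above, and decides whether the operation is allowed, warned about, or blocked. The block-at-high-severity threshold is a hypothetical policy, and the sample entry is constructed with a placeholder advisory URL.

```python
import json

# Constructed sample shaped like the "vulnerabilities" and "deprecation" members of a
# NuGet V3 registration catalogEntry; the advisory URL is a placeholder, not real data.
SAMPLE_ENTRY = json.loads("""
{
  "id": "Example.Package", "version": "1.2.3",
  "vulnerabilities": [{"advisoryUrl": "https://example.invalid/advisory/PLACEHOLDER", "severity": "2"}],
  "deprecation": {"reasons": ["Legacy"], "message": "Superseded by Example.Package.Next",
                  "alternatePackage": {"id": "Example.Package.Next", "range": "[2.0.0, )"}}
}
""")

SEVERITY_NAMES = {"0": "low", "1": "moderate", "2": "high", "3": "critical"}
BLOCK_AT = 2  # hypothetical policy: high/critical vulnerabilities block, everything else warns


def assess_package(entry: dict, block_at: int = BLOCK_AT) -> tuple[str, str]:
    """Return (decision, prompt): decision is 'allow', 'warn' or 'block'."""
    vulns = entry.get("vulnerabilities") or []
    deprecation = entry.get("deprecation")
    if not vulns and not deprecation:
        return "allow", ""  # clean metadata: no dialog needed
    details = []
    for v in vulns:
        sev = str(v.get("severity", ""))
        details.append(f"vulnerability ({SEVERITY_NAMES.get(sev, 'unknown')} severity): "
                       f"{v.get('advisoryUrl', 'no advisory URL')}")
    if deprecation:
        line = "deprecated (" + (", ".join(deprecation.get("reasons", [])) or "unspecified") + ")"
        if msg := deprecation.get("message"):
            line += f": {msg}"
        if alt := deprecation.get("alternatePackage"):
            line += f"; alternative: {alt['id']} {alt.get('range', '')}".rstrip()
        details.append(line)
    # Highest numeric severity present decides block vs warn; unparseable severities only warn.
    sevs = [str(v.get("severity", "")) for v in vulns]
    worst = max((int(s) for s in sevs if s.isdigit()), default=-1)
    decision = "block" if worst >= block_at else "warn"
    prompt = ("You are attempting to install a package that has been flagged as deprecated or "
              "contains known security vulnerabilities.\n"
              f"Package Name: {entry.get('id')}\nVersion: {entry.get('version')}\n"
              "Vulnerability/Deprecation Details:\n  - " + "\n  - ".join(details) + "\n"
              + ("Installation blocked by policy." if decision == "block"
                 else "Do you want to continue with the installation/update? [y/N] "))
    return decision, prompt


def should_proceed(entry: dict, answer: str = "") -> bool:
    """Clean packages proceed, blocked ones never do, warned ones need an explicit y/yes."""
    decision, _ = assess_package(entry)
    return decision == "allow" or (decision == "warn" and answer.strip().lower() in ("y", "yes"))
```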
Additional Context and Details
No response