
Comments (1)

 avatar commented on August 20, 2024

After doing some reading and a complete assessment of how we run vulnerability scans
and look up vulnerability reports, I have the following proposal.

Implementation Details

By default, on-demand vulnerability scans are requested by providing the tag or digest
of an image, therefore we are going to make the vulnerability command focus
on digests as much as possible, though we will provide a way to retrieve reports from
image IDs.

Here are some modifications we will make to the CLI.

Run on-demand scans

To run an on-demand scan, a user will need the following information:

<registry>    container registry where the container image has been published
<repository>  repository name that contains the container image
<tag|digest>  either a tag or an image digest to scan (digest format: sha256:1ee...1d3b)

Note that we can't trigger scans with an image ID.

Review vulnerability reports

To review vulnerability reports from container image scans that ran previously, either
by the periodic scan mechanism that Lacework runs every hour or by a requested
on-demand vulnerability scan, a user will need to provide a SHA256 hash of a
container with format sha256:1ee...1d3b.

Example:

$ lacework vul report sha256:8d8f5b08727272389bc2788561bd60a8f012d3c68675dccce7dd7ee2d47a9f4d

By default, this command treats the provided SHA256 as the image digest. When a
user is trying to look up a report by its image ID, they can use the flag --image_id that
will treat the provided SHA256 hash as an image ID.

Deprecations

The flag --digest will be deprecated, and in fact, enabled by default for the command
lacework vulnerability report.

from go-sdk.
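
One way to validate the arguments the proposal describes, written in Go as an added example (not code from the comment or from go-sdk). The names ParseScanRef, ParseReportRef and Ref are hypothetical, and the tag and lowercase-hex digest patterns follow the usual Docker/OCI conventions, which the proposal does not spell out.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical helpers for illustration; none of these names come from go-sdk.
var sha256Ref = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)
var tagRef = regexp.MustCompile(`^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$`)

// SampleHash is the SHA256 value used in the proposal's example command.
const SampleHash = "sha256:8d8f5b08727272389bc2788561bd60a8f012d3c68675dccce7dd7ee2d47a9f4d"

// Ref records how a reference will be read: "tag", "digest" or "image_id".
type Ref struct{ Kind, Value string }

// ParseScanRef validates the <tag|digest> argument of an on-demand scan.
// Anything containing ':' must be a complete sha256 digest, never a tag.
func ParseScanRef(ref string) (Ref, error) {
	if strings.Contains(ref, ":") {
		if !sha256Ref.MatchString(ref) {
			return Ref{}, errors.New("digest must be sha256:<64 lowercase hex chars>")
		}
		return Ref{"digest", ref}, nil
	}
	if !tagRef.MatchString(ref) {
		return Ref{}, errors.New("invalid tag")
	}
	return Ref{"tag", ref}, nil
}

// ParseReportRef validates a report lookup argument. The hash is read as an
// image digest unless imageID (the proposed --image_id flag) is set.
func ParseReportRef(hash string, imageID bool) (Ref, error) {
	if !sha256Ref.MatchString(hash) {
		return Ref{}, errors.New("report lookup needs sha256:<64 lowercase hex chars>")
	}
	if imageID {
		return Ref{"image_id", hash}, nil
	}
	return Ref{"digest", hash}, nil
}

func main() {
	fmt.Println(ParseReportRef(SampleHash, false)) // read as image digest
	fmt.Println(ParseReportRef(SampleHash, true))  // read as image ID
}
```

A digest and an image ID have the same shape, so only the flag can tell them apart; the parser cannot detect an image ID passed to a scan.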
