Document the values at the heart of this vulnerability scanner

[forevermatt]

For example:

• Issues should automatically disappear from the report once they have been resolved. Don't make us spend time/effort figuring out which issues don't matter any more.
• Keep a high signal-to-noise ratio (i.e. minimize false-positives or reports of issues I can't do anything about). Every line of the report should be actionable.

This list should be added to the README at some point.