If repository verification finds bad repository link: hide from search

[sigurdm]

We want to strongly encourage correct repository links.
A bad link is often indicative of malattribution. And can lend false credibility to a packages.

The repository verification process can have 3 outcomes:

• valid
• invalid
• failed deciding validity

We only want to decrease the score in the second case.

The score for an invalid repository link should be 0 (total, for the full report).
Or we find an alternative way to make them not show up in search:

• Perhaps set the discontinued status of the package
• Or we use a tag (has:bad-repo-link) that makes search not show the package

[sigurdm]

Current status: we no longer display bad repository links. If validation fails because of eg. connection issues they are still shown.

They are thus getting a lower score, but still not 0. Do we still want that?

cc @jonasfj