Include new app_blocking_match_based_ids field in ci_scan_complete_response (#326)

Right now whether or not a CI scan should exit with code 1 is determined
_mostly_ by the CLI, but the app can use the `app_block_override` field
of `ci_scan_complete_response` to tell the CLI to exit with code 1 no
matter what. This is currently used to support blocking scans when we
detect a dependency with a blocked license.

We're currently working on a project which includes making it more
customizable within the app whether or not a given finding should be
blocking, right now just for supply chain, but with the aim to
eventually move the computation of blocking findings entirely to the
app. So we'd like to be able to tell the CLI not only "please block" but
also "here are the list of findings that the app determined are
blocking".


- [x] I ran `make setup && make` to update the generated code after
editing a `.atd` file (TODO: have a CI check)
- [x] I made sure we're still backward compatible with old versions of
the CLI.
For example, the Semgrep backend need to still be able to *consume* data
	  generated by Semgrep 1.50.0.
See
https://atd.readthedocs.io/en/latest/atdgen-tutorial.html#smooth-protocol-upgrades
	  Note that the types related to the semgrep-core JSON output or the
	  semgrep-core RPC do not need to be backward compatible!

Author: mmcqd

semgrep_output_v1.atd

@@ -100,6 +100,8 @@ type uuid = string wrap <ocaml module="ATD_string_wrap.Uuidm">
 (* RFC 3339 format *)
 type datetime = string wrap <ocaml module="ATD_string_wrap.Datetime">
 
+type match_based_id = string wrap
+
 (*****************************************************************************)
 (* Versioning *)
 (*****************************************************************************)
@@ -1617,12 +1619,15 @@ type parsing_stats = {
   num_bytes: int;
 }
 
+
 (* Response by the backend to the CLI to the POST /complete *)
 type ci_scan_complete_response <ocaml attr="deriving show"> = {
    success: bool;
    ~app_block_override: bool;
    (* only when app_block_override is true *)
    ~app_block_reason: string;
+   (* match_based_ids of findings that semgrep-app determined should cause the scan to block *)
+   ~app_blocking_match_based_ids : match_based_id list;
 }
 
 (* ----------------------------- *)