Develop the analyzer more consequently into a "build system best practices advisor"

[sschuberth]

In many cases, the analyzers for package managers rely on best practices being applied to the build system and dependency management in order to get proper results. But sometimes work-arounds are in place to not completely fail on commonly made mistakes, like e.g. the omission of the scm: prefix for Maven <connection> tags.

So in a way the analyzer implicitly checks for "build system best practices" as it would otherwise fail or log warnings / errors. However, this is implemented inconsistently currently. To harmonize this and to make this check explicit, goals would be to

• always get as much information as possible from a build, without cancelling analysis on the first occurrence of an error (like invalid data in a definition file).
• Consequently create analyzer issues about all findings instead of silently ignoring them or just logging to the console.

Doing so would add more value to the analyzer for users that are also interested in code quality (at least in their own projects) in addition to license and security compliance.