Add support for failing builds

[CallMeGreg]

I'm hoping to optionally fail a status check when new tfsec alerts are found as part of a pull request workflow.

It appears the --soft-fail flag is hardcoded as an argument when this action runs the tfsec command: https://github.com/aquasecurity/tfsec-sarif-action/blob/master/entrypoint.sh#L55

It would be great if:

1. this flag was not included by default, and something that can be optionally included with the existing tfsec_args functionality
2. OR there was a new action input parameter for --soft-fail that defaults to true, that you can override with false

Option 1 seems easier to implement but would likely be considered a "breaking change" and probably constitute a new major version release. I'm guessing option 2 would be more seamless, and something that could be introduced as a patch / minor version update.

[srgoni]

I'd even vote for "hard fail" by default.
Adding an if: success() || failure() to the upload-sarif task will make it run even when the check fails, so there's no need to short-circuit GitHub build failure mechanics.

This would be very helpful when designing workflows that work both with and without GH Advanced Security.