Feature: new environment variable PIP_AUDIT_IGNORE_VULN #948

@jenstroeger

Pre-submission checks

  • I am not reporting a new vulnerability or requesting a new vulnerability identifier. These must be reported or managed via upstream dependency sources or services, not this repository.
  • I agree to follow the PSF Code of Conduct.
  • I have looked through the open issues for a duplicate request.

What's the problem this feature will solve?

CI breaks when new vulnerabilities are reported, and it’s tedious to modify CI to add & ignore vulnerabilities. Having an environment variable would make managing ignoring vulnerabilities easier and more flexible.

Describe the solution you'd like

A new environment variable PIP_AUDIT_IGNORE_VULN which mimics the behavior of the --ignore-vuln command line option. The environment variable could take a space-separated list of vulnerability ids.

Additional context

No response
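
Added example (not part of the original issue and not pip-audit's own code): a POSIX shell wrapper that approximates the requested behaviour by expanding a space-separated `PIP_AUDIT_IGNORE_VULN` into repeated `--ignore-vuln` options. The function names and the id character set (letters, digits, hyphens) are assumptions; tokens outside that set are rejected so the environment cannot smuggle extra options into the command line.

```shell
#!/bin/sh
# Added example: wrapper around pip-audit. PIP_AUDIT_IGNORE_VULN is the
# variable proposed in this issue; the function names are hypothetical.
# Usage: PIP_AUDIT_IGNORE_VULN="ID-1 ID-2" audit_with_ignores -r requirements.txt

# Print "--ignore-vuln" and the id on separate lines for each unique id in $1.
# Returns 1 if a token does not look like an advisory id (assumed alphabet:
# letters, digits and hyphens, not starting with a hyphen).
ignore_vuln_args() {
    seen=" "
    set -f                      # no globbing while the list is word-split
    for id in $1; do            # unquoted on purpose: split on whitespace
        case "$id" in
            -*|*[!A-Za-z0-9-]*)
                echo "refusing suspicious vulnerability id: $id" >&2
                set +f
                return 1 ;;
        esac
        case "$seen" in
            *" $id "*) continue ;;   # drop duplicates
        esac
        seen="$seen$id "
        printf '%s\n%s\n' "--ignore-vuln" "$id"
    done
    set +f
}

# Run pip-audit with the generated options, then the caller's own arguments.
audit_with_ignores() {
    args=$(ignore_vuln_args "${PIP_AUDIT_IGNORE_VULN:-}") || return 2
    # Every id was validated above, so word-splitting $args cannot yield
    # glob characters or options other than --ignore-vuln.
    # shellcheck disable=SC2086
    pip-audit $args "$@"
}
```

Keeping the ignore list in a variable moves it out of the reviewed CI file, so it helps to log the expanded list on each run and to expire entries once a fixed release is available.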
