Also allow creating an XML report

[carstenlenz]

If I am not mistaken the Spotbugs invocation is currently hardcoded to produce an HTML report.
Would it be possible to either change the output format via some setting or allow additional outputs?

Background is that I'd like to use the xml output to feed it to some followup toolchain that aggregates findings.

Looking into the Spotbugs codebase it looks like you are able to define multiple (unique) bug reporters : https://github.com/spotbugs/spotbugs/blob/b7068c0c514382631fc56b99a64372c5adf181f9/spotbugs/src/main/java/edu/umd/cs/findbugs/TextUICommandLine.java#L823 (and invocations from -html, -xml etc)

I can't come up with a good idea currently to add this in an elegant backwards compatible way - mostly because of the findSecBugs / artifactPath setting that currently defines the HTML output file.

Backwards compat would mean:

• Default should be "only HTML"
• If artifactPath is set in a client project it would need to be taken as HTML output file

Questions:

• how to define which formats should be added (e.g. findSecBugsReporters := Seq(Reporter.Html, Reporter.Xml ...)
• how to define output paths for each (biggest question for me)

I am happy to provide a PR - would be great to hear your opinion on that.