Warn about vendored versionless packages

[3v0k4]

Hey, first of all, thanks for your work on this gem 🙏

In my project, I got a vendored bootstrap as follows:

# config/importmap.rb
pin "bootstrap", preload: true

Problem is, without the version, audit and outdated (and pristine) ignored that package. Which, is not great because not only the vendored version (v3.4.1) is outdated, but also because it has a vulnerability.

If I change the importmap to:

# config/importmap.rb
pin "bootstrap", preload: true # @3.4.1

Then, I can see the audit:

| Package   | Severity | Vulnerable versions | Vulnerability                                      |
|-----------|----------|---------------------|----------------------------------------------------|
| bootstrap | moderate | >=2.0.0 <=3.4.1     | Bootstrap Cross-Site Scripting (XSS) vulnerability |
  1 vulnerability found: 1 moderate

And outdated:

| Package   | Current | Latest |
|-----------|---------|--------|
| bootstrap | 3.4.1   | 5.3.7  |
  1 outdated package found

This PR adds a warning about versionless vendored packages for that reason.