Figure out sub-field spanning

[woodruffw]

#233 highlights a piece of non-ideal user confusion: zizmor operates at the layer of YAML element spans at the moment, meaning that many findings have "identical" spans because their actual findings are really substrings, etc within a YAML string.

For example, these two findings look like duplicates, but are really slightly different spans within the same parent span:

info[template-injection]: code injection via template expansion
  --> /Users/wtan/Projects/zizmor/docs.yml:55:9
   |
55 |         - name: Update Docs Reference Section and Push Changes
   |           ---------------------------------------------------- info: this step
56 |           continue-on-error: true
57 |           run: |
   |  _________-
58 | |           python docs/build_reference.py
...  |
66 | |             echo "No changes to commit"
67 | |           fi
   | |____________- info: github.head_ref may expand into attacker-controllable code
   |
   = note: audit confidence → Low

info[template-injection]: code injection via template expansion
  --> /Users/wtan/Projects/zizmor/docs.yml:55:9
   |
55 |         - name: Update Docs Reference Section and Push Changes
   |           ---------------------------------------------------- info: this step
56 |           continue-on-error: true
57 |           run: |
   |  _________-
58 | |           python docs/build_reference.py
...  |
66 | |             echo "No changes to commit"
67 | |           fi
   | |____________- info: github.ref may expand into attacker-controllable code
   |
   = note: audit confidence → Low

I need to figure out a good way to represent and highlight these.

h/t @Ninja3047