Adversarial attacks and robustness for quantum machine learning