feat: Adding alternative vulnerability data sources

[anthonyharrison]

Description

There are now multiple data sources of vulnerabilities which can be used to assess components. Supporting more may provide more accurate reporting of vulnerabilities.

Why?

With the issues which the NVD is experiencing alternative sources of vulnerability information are now being used across industry.

Suggest supporting the data from CVE.org which contains CVE records in JSON format and includes additional information such as CVSS V4 scores and PURL records (will be supported from schema version 5.1).

Anything else?

Other potential sources to consider are:

• Alpine (https://secdb.alpinelinux.org/)
• Amazon (https://alas.aws.amazon.com/AL2/alas.rss & https://alas.aws.amazon.com/AL2022/alas.rss)
• Debian (https://security-tracker.debian.org/tracker/data/json)
• GitHub Security Advisories (https://api.github.com/graphql)
• Oracle (https://linux.oracle.com/security/oval)
• SLES (https://ftp.suse.com/pub/projects/security/oval)
• Ubuntu (https://launchpad.net/ubuntu-cve-tracker)
• Wolfi (https://packages.wolfi.dev/)