Ensure consistency b/w semver_dialects and vrange when adding advisories

Problem to solve

As we're adding security advisories to the advisory database, we have to make sure that the backend using semver_dialects always finds the same affected and non-affected versions as the legacy Dependency Scanning jobs using vrange.

Proposal

TBD

Add a CI job to the pipeline of gemnasium-db, and make that job fail when the affected and non-affected versions found by semver_dialects differ from the ones found by vrange. The job is triggered when a YAML file changes, and does the following:

  1. Extract the affected_range and package ref from the new or updated YAML file.
  2. Query package registry to list all versions of the affected package.
  3. Resolve affected versions using semver_dialects.
  4. Do the same using vrange.
  5. Fail if the affected versions don't match.

The CI job is allowed to fail so that it doesn't prevent new advisories from being added to gemnasium-db.
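A sketch of what that job's comparison step could look like, added here as an illustration and not code from gemnasium-db or either resolver. It assumes the advisory keeps `package_slug` and `affected_range` as flat top-level keys, and that both resolvers can be driven as hypothetical CLIs (`semver-dialects-resolve`, `vrange`) that take the range as an argument and the registry's version list on stdin; the comparison and report logic is the part the job actually needs.

```python
import re
import subprocess
import sys

# Constructed sample advisory; the `package_slug` / `affected_range` keys
# are assumed to match the gemnasium-db file layout.
SAMPLE_ADVISORY = """\
identifier: EXAMPLE-0001
package_slug: npm/example-pkg
affected_range: ">=1.0.0 <1.4.2||>=2.0.0 <2.1.0"
"""

def extract_advisory_fields(yaml_text: str) -> dict:
    """Step 1: pull package_slug and affected_range out of the advisory.
    A real YAML parser would be used in the job; a regex is enough for
    these two flat top-level keys in this example."""
    fields = {}
    for key in ("package_slug", "affected_range"):
        m = re.search(rf"^{key}:\s*(.+?)\s*$", yaml_text, re.MULTILINE)
        if not m:
            raise ValueError(f"advisory is missing '{key}'")
        fields[key] = m.group(1).strip("\"'")
    return fields

def run_resolver(cmd: list, affected_range: str, versions: list) -> set:
    """Steps 3/4: call an external resolver (hypothetical CLI contract:
    range as argument, candidate versions on stdin, matches on stdout)."""
    out = subprocess.run(cmd + [affected_range], input="\n".join(versions),
                         capture_output=True, text=True, check=True).stdout
    return {v for v in out.splitlines() if v}

def compare_resolvers(all_versions, semver_dialects_hits, vrange_hits) -> dict:
    """Step 5: diff the two affected-version sets over the registry's list,
    so the report shows exactly which versions the dialects disagree on."""
    universe = set(all_versions)
    sd, vr = set(semver_dialects_hits) & universe, set(vrange_hits) & universe
    return {
        "consistent": sd == vr,
        "only_semver_dialects": sorted(sd - vr),
        "only_vrange": sorted(vr - sd),
        "unaffected_by_both": sorted(universe - sd - vr),
    }

if __name__ == "__main__":
    fields = extract_advisory_fields(SAMPLE_ADVISORY)
    versions = ["0.9.0", "1.0.0", "1.4.1", "1.4.2", "2.0.0", "2.1.0"]  # constructed
    sd = run_resolver(["semver-dialects-resolve"], fields["affected_range"], versions)
    vr = run_resolver(["vrange"], fields["affected_range"], versions)
    report = compare_resolvers(versions, sd, vr)
    print(report)
    sys.exit(0 if report["consistent"] else 1)  # non-zero exit fails the CI job
```

Because the job is `allow_failure`, the printed report is what reviewers would look at rather than the pipeline status alone.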

See #220286 (comment 1044076127)

This is a follow-up to Assess accuracy of semver_dialects using gemnas... (#369238 - closed).

The implementation might be similar to the one of Add version matching edge cases to the semver_d... (#386070 - closed).

/cc @julianthome @bwill

Edited by Fabien Catteau