Ensure advisory data object creates correct cvss vectors

Problem to solve

PackageMetadata::AdvisoryDataObject sets cvss_v2 and cvss_v3 to '' if either attribute is missing from the imported json. Our validator treats an empty string as an invalid cvss vector. The only valid blank value is nil.

Proposal

Update the default value for missing cvss vectors to nil.

Implementation Plan

• update PackageMetadata::AdvisoryDataObject cvss_v2 and cvss_v3 defaults from blank string to nil