Add support for CVSS vectors in the security report schemas

Why are we doing this work?

We want to be able to ingest CVSS vectors into the database when they are present. To do that, we have to extend the schema to allow a CVSS field.

Implementation plan

  1. Extend the security report format so that it includes a cvss field. It has the following properties:
    • "type": "array"
    • "items": { "oneOf": [ { "$ref": "#/definitions/cvss_v2" }, { "$ref": "#/definitions/cvss_v3" } ] }
  2. Reuse the CVSS vector string regex validations
    • Add a max length validation of 128 (the longest valid CVSS vector string is 117 chars; this is the closest power of 2)
    • Add a min length validation of 32 (the smallest valid CVSS vector string is 35 chars; this is the closest power of 2)
  3. The CVSS scores in the schema will have the structure below. See #422031 (comment 1558290268)
{
  "type": "object",
  "properties": {
    "vendor": {
      "type": "string"
    },
    "vector_string": {
      "type": "string"
    }
  },
  "required": [ "vendor", "vector_string" ]
}
Edited by Oscar Tovar
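
The checks the plan describes (array of objects, required string vendor and vector_string, length bounds of 32 and 128, and oneOf over the two CVSS definitions) can be exercised with the following added example, which is not code from the issue or the project. The two regexes are simplified stand-ins assumed for illustration, not the validations the plan reuses, and the function names and sample data are constructed.

```python
import re

MIN_LEN, MAX_LEN = 32, 128  # length bounds from the implementation plan

# Assumption: simplified stand-ins for the CVSS regexes the plan reuses;
# they check only the base metric group and the shape of trailing metrics.
TAIL = r"(/[A-Z]{1,3}:[A-Z]{1,3})*"
PATTERNS = {
    "cvss_v2": re.compile(r"AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]" + TAIL),
    "cvss_v3": re.compile(r"CVSS:3\.[01]/AV:[NALP]/AC:[LH]/PR:[NLH]/UI:[NR]"
                          r"/S:[UC]/C:[NLH]/I:[NLH]/A:[NLH]" + TAIL),
}

def check_item(item):
    """Return None if item satisfies the planned schema, else a reason string."""
    if not isinstance(item, dict):
        return "item is not an object"
    for key in ("vendor", "vector_string"):
        if not isinstance(item.get(key), str):
            return f"'{key}' is missing or not a string"
    vector = item["vector_string"]
    # Cheap length check first, so oversized input never reaches the regexes.
    if not MIN_LEN <= len(vector) <= MAX_LEN:
        return f"vector_string length {len(vector)} outside {MIN_LEN}..{MAX_LEN}"
    # oneOf: exactly one of the two definitions must match.
    matches = [name for name, rx in PATTERNS.items() if rx.fullmatch(vector)]
    if len(matches) != 1:
        return f"vector_string matched {len(matches)} CVSS definitions, expected 1"
    return None

def validate_cvss(cvss):
    """Split a report's cvss value into accepted items and (index, reason) errors."""
    if not isinstance(cvss, list):
        return [], [(None, "cvss is not an array")]
    checked = [(i, item, check_item(item)) for i, item in enumerate(cvss)]
    accepted = [item for _, item, why in checked if why is None]
    errors = [(i, why) for i, _, why in checked if why is not None]
    return accepted, errors

# Constructed sample input (vendor name is made up).
SAMPLE = [
    {"vendor": "ExampleVendor", "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
    {"vendor": "ExampleVendor", "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C"},
    {"vendor": "ExampleVendor", "vector_string": "CVSS:3.1/AV:N" + "/X:Y" * 40},
    {"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},
]
```

Calling validate_cvss(SAMPLE) accepts the first two entries and reports the oversized vector and the entry without a vendor, each with its index in the array.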