
Add non ref contextual columns to the vulnerabilities table

The vulnerability_occurrences table currently contains records that do not differ based on the context of where the vulnerability is (specifically, its ref). As such, these values should be migrated up to the vulnerabilities table to act as static representations for any occurrence of the vulnerability.

These columns are:

  • solution
    • This is a static blob of text explanation.
  • cve
    • The CVE is defined by an external entity.
  • severity
    • While severity can be contextual to the branch, the severity provided by the scanner is not contextual. As such, we use it as the default value, and can then retrieve the overridden value from the severity overrides.

We will not remove these columns from vulnerability_occurrences until we have fully migrated their use to the vulnerabilities table.

Naturally, we will need to create BBM(s) to backfill this data once the columns are made.

Edited by Gregory Havenga