Refactoring: Use report.Details to track vulnerable package

What does this MR do?

This is a follow-up to !268 (merged).

Refactoring: v3.9.0 added the Details field and set the vunerable_package field from the report itself. This MR changes that to use v3.10.0 and set the field from the analyzer. See report!24 (merged)

What are the relevant issue numbers?

No issue. This is code refactoring.

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer