Update nuget lockfile parsing to remove Project nodes

Igor Frenkel requested to merge ifrenkel/415104-rm-nuget-projs-from-deps into master

What does this MR do?

This MR updates the way nuget dependencies are handled by removing all nodes of type Project from the list of packages and dependencies. This ensures that the dependency graph is consistent with the list of packages.

Project nodes are extracted in the following way:

  • All project nodes are excluded from the list of packages.
  • Transitive dependencies which are children of a project now become Direct, and their version range gets updated to use what was resolved rather than what was requested by the project.

In order to manage removal of nodes more efficiently, the parsing is switched to use a simple graph.

What are the relevant issue numbers?

Gemnasium analyzer can generate dependency_path... (gitlab-org/gitlab#415104 - closed) • Igor Frenkel • 16.10 • At risk

Does this MR meet the acceptance criteria?

Edited by Fabien Catteau
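
The transformation described in this MR, sketched as an added example that is not code from the merge request or from the Gemnasium analyzer. It assumes the standard `packages.lock.json` layout, works on a flat map rather than the graph type the MR introduces, and treats "use what was resolved" as setting `requested` to the resolved version; `StripProjects`, the sample lockfile and its package names are all constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Entry is one package entry under a target framework in packages.lock.json.
type Entry struct {
	Type         string            `json:"type"`
	Requested    string            `json:"requested,omitempty"`
	Resolved     string            `json:"resolved,omitempty"`
	Dependencies map[string]string `json:"dependencies,omitempty"`
}

// Constructed sample with made-up names: project "corelib" pulls in Example.Logging.
const sampleLock = `{"version": 1, "dependencies": {"net6.0": {
  "Example.Json": {"type": "Direct", "requested": "[13.0.1, )", "resolved": "13.0.1"},
  "Example.Logging": {"type": "Transitive", "resolved": "2.12.0", "dependencies": {"Example.Logging.Core": "2.12.0"}},
  "Example.Logging.Core": {"type": "Transitive", "resolved": "2.12.0"},
  "corelib": {"type": "Project", "dependencies": {"Example.Logging": "[2.10.0, )"}}}}}`

// StripProjects (hypothetical helper) drops Project nodes from one framework and
// promotes their Transitive children to Direct, pinned to the resolved version.
func StripProjects(raw []byte, framework string) (map[string]*Entry, error) {
	var lf struct{ Dependencies map[string]map[string]*Entry `json:"dependencies"` }
	if err := json.Unmarshal(raw, &lf); err != nil {
		return nil, err
	}
	nodes := lf.Dependencies[framework]
	for name, n := range nodes {
		if n == nil || n.Type != "Project" {
			continue
		}
		for child := range n.Dependencies {
			if c := nodes[child]; c != nil && c.Type == "Transitive" {
				c.Type, c.Requested = "Direct", c.Resolved
			}
		}
		delete(nodes, name)
	}
	return nodes, nil
}

func main() {
	pkgs, err := StripProjects([]byte(sampleLock), "net6.0")
	out, _ := json.MarshalIndent(pkgs, "", "  ")
	fmt.Println(string(out), err)
}
```

Packages that are only reachable through another package, such as `Example.Logging.Core` here, stay Transitive, so every remaining entry in the package list still has a parent in the graph.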