Connect to gemnasium-db repo

What does this MR do?

Make the analyzer leverage the gemnasium-db repo directly instead of connecting to the Gemnasium API.

This includes or will include:

• code refactoring !27 (merged)
• new advisory package, to manipulate gemnasium-db repo !28 (merged)
• version range resolvers !31 (merged)
  • native Ruby vrange CLI
  • vrange CLI based on gemnasium/semver
  • embed gemnasium-db repo
• re-organize vrange CLIs !41 (merged)
• native vrange CLIs
  • npm !42 (merged)
  • php !38 (merged)
  • python !36 (merged)
  • enable all native vrange CLIs !46 (merged)
  • add test cases based on gemnasium-db !47 (merged)
• use vrange in auto-remediation !34 (merged)
• provide an API gemnasium-maven and gemnasium-python can consume !37 (merged)
• update gemnasium-db at run-time !33 (merged)
• ensure local gemnasium-db repo is available at run-time !43 (merged)
• expose GEMNASIUM_DB_* variables for customization of the gemnasium-db repo !50 (merged)
• remove links to deps.sec.gitlab.com from reports (follow-up issue)

Warning! We may have to wait until the affected ranges are fixed in gemnasium-db before deploying this. See gitlab-org/security-products/gemnasium-db!121 (closed)

Commits will NOT be squashed to preserve refs to these MRs.

Future improvements

These are possible improvements that have been discussed during the review:

• back box testing
• using go-git
• better log when updating the local gemnasium-db repo

Related issues

gitlab-org/gitlab#14630 (closed)

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE; see gitlab-org/gitlab#14630 (closed)
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer