Rewrite converter from Node.js to Go

Adam Cohen requested to merge rewrite-converter-in-golang into master

What does this MR do?

This MR rewrites the converter code added by !1 (merged) from Node.js to Go. See gitlab-org/gitlab#33824 (closed) for a complete list of the changes implemented by this MR.

What are the relevant issue numbers?

Closes gitlab-org/gitlab#33824 (closed)

Implementation Details

This MR will convert the following klar formatted report:

{
  "Vulnerabilities": {
    "High": [
      {
        "FeatureVersion": "2.2.1-8+deb9u1",
        "FeatureName": "cups",
        "FixedBy": "2.2.1-8+deb9u2",
        "Metadata": {
          "NVD": {
            "CVSSv2": {
              "Vectors": "AV:N/AC:M/Au:N/C:C/I:C",
              "Score": 9.3
            }
          }
        },
        "Severity": "High",
        "Link": "https://security-tracker.debian.org/tracker/CVE-2017-15400",
        "Description": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.",
        "NamespaceName": "debian:9",
        "Name": "CVE-2017-15400"
      }
    ]
  },
  "LayerCount": 9
}

Into the Security Products Common Format:

{
  "version": "2.3",
  "vulnerabilities": [
    {
      "category": "container_scanning",
      "message": "CVE-2017-15400 in cups",
      "description": "Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue.",
      "cve": "debian:9:cups:CVE-2017-15400",
      "severity": "High",
      "confidence": "Unknown",
      "solution": "Upgrade cups from 2.2.1-8+deb9u1 to 2.2.1-8+deb9u2",
      "scanner": {
        "id": "klar",
        "name": "klar"
      },
      "location": {
        "dependency": {
          "package": {
            "name": "cups"
          },
          "version": "2.2.1-8+deb9u1"
        },
        "operating_system": "debian:9",
        "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e"
      },
      "identifiers": [
        {
          "type": "cve",
          "name": "CVE-2017-15400",
          "value": "CVE-2017-15400",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15400"
        }
      ],
      "links": [
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-15400"
        }
      ]
    }
  ],
  "remediations": []
}

Does this MR meet the acceptance criteria?

Edited by Adam Cohen
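As an added illustration (not the MR's own code and not GitLab's converter), the following Go program implements the klar-to-common-format mapping that the two documents above imply: `message` is `<Name> in <FeatureName>`, `cve` is `<NamespaceName>:<FeatureName>:<Name>`, `solution` is built from `FeatureVersion` and `FixedBy`, and the identifier URL points at the MITRE CVE page. Two things are assumptions rather than facts from the page: the scanned image reference is passed in by the caller because klar's JSON does not carry it, and an entry whose `FixedBy` is empty gets no `solution` field at all. Findings are built as maps so the mapping reads like the expected output; `encoding/json` writes map keys sorted, which also makes the emitted report deterministic.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Subset of klar's report that the conversion reads. The JSON keys match the
// field names, so encoding/json needs no tags here; other keys are ignored.
type klarVuln struct {
	FeatureVersion, FeatureName, FixedBy, Severity string
	Link, Description, NamespaceName, Name        string
}

// Report is the common-format document. Each finding is a map so the mapping
// below reads like the expected output; encoding/json writes map keys in
// sorted order, so the emitted JSON is deterministic.
type Report struct {
	Version         string           `json:"version"`
	Vulnerabilities []map[string]any `json:"vulnerabilities"`
	Remediations    []any            `json:"remediations"`
}

// Convert parses klar JSON and builds the common-format report. klar's output
// does not name the scanned image, so the caller passes it in (assumption).
func Convert(klarJSON []byte, image string) (Report, error) {
	var in struct{ Vulnerabilities map[string][]klarVuln }
	if err := json.Unmarshal(klarJSON, &in); err != nil {
		return Report{}, fmt.Errorf("parse klar report: %w", err)
	}
	// klar buckets findings by severity level in a JSON object; Go map
	// iteration order is random, so sort the level names for stable output.
	levels := make([]string, 0, len(in.Vulnerabilities))
	for lvl := range in.Vulnerabilities {
		levels = append(levels, lvl)
	}
	sort.Strings(levels)
	out := Report{Version: "2.3", Vulnerabilities: []map[string]any{}, Remediations: []any{}}
	for _, lvl := range levels {
		for _, v := range in.Vulnerabilities[lvl] {
			out.Vulnerabilities = append(out.Vulnerabilities, convertVuln(v, image))
		}
	}
	return out, nil
}

// convertVuln maps one klar entry onto the common-format fields shown above.
func convertVuln(v klarVuln, image string) map[string]any {
	f := map[string]any{
		"category":    "container_scanning",
		"message":     v.Name + " in " + v.FeatureName,
		"description": v.Description,
		"cve":         v.NamespaceName + ":" + v.FeatureName + ":" + v.Name,
		"severity":    v.Severity,
		"confidence":  "Unknown",
		"scanner":     map[string]string{"id": "klar", "name": "klar"},
		"location": map[string]any{
			"dependency":       map[string]any{"package": map[string]string{"name": v.FeatureName}, "version": v.FeatureVersion},
			"operating_system": v.NamespaceName,
			"image":            image,
		},
		"identifiers": []map[string]string{{"type": "cve", "name": v.Name, "value": v.Name,
			"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" + v.Name}},
		"links": []map[string]string{},
	}
	// Assumption (the page shows only the fixed case): an empty FixedBy means no
	// fix is known, so "solution" is omitted rather than emitted half-filled.
	if v.FixedBy != "" {
		f["solution"] = fmt.Sprintf("Upgrade %s from %s to %s", v.FeatureName, v.FeatureVersion, v.FixedBy)
	}
	if v.Link != "" {
		f["links"] = []map[string]string{{"url": v.Link}}
	}
	return f
}

// Constructed sample: the page's cups finding with the description shortened.
const sampleKlar = `{"Vulnerabilities":{"High":[{"FeatureVersion":"2.2.1-8+deb9u1","FeatureName":"cups",
 "FixedBy":"2.2.1-8+deb9u2","Severity":"High","Link":"https://security-tracker.debian.org/tracker/CVE-2017-15400",
 "Description":"Insufficient restriction of IPP filters in CUPS ...","NamespaceName":"debian:9","Name":"CVE-2017-15400"}]}}`

func main() {
	// The image reference is a placeholder; a real run takes it from the scan environment.
	rep, err := Convert([]byte(sampleKlar), "registry.example.com/app@sha256:placeholder")
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(rep, "", "  ")
	fmt.Println(string(b))
}
```

Running it prints the cups finding in the common format shown above. Sorting the severity bucket names is alphabetical, not by severity rank; it exists only so that two runs over the same klar report produce byte-identical output, which matters when the report is diffed or hashed in a pipeline.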