Support CVSS3.1 values also for severity calculation

What does this MR do?

Support CVSS strings starting with CVSS:3.1 in calculating severity of the vulnerability. The library we use under the hood - https://github.com/spiegel-im-spiegel/go-cvss/ supports this.

Without this change, many new vulnerabilities are marked with Unknown severity.

Does this MR meet the acceptance criteria?

• Changelog entry added
• Documentation created/updated for GitLab EE, if necessary
• Documentation created/updated for this project, if necessary
• Documentation reviewed by technical writer or follow-up review issue created
• Tests added for this feature/bug
• Job definition updated, if necessary
  • Auto-DevOps template
  • Job definition example
  • CI Templates
• Conforms to the code review guidelines
• Conforms to the Go guidelines
• Security reports checked/validated by reviewer