Jamie Tanna authored
As per [0], we should surface cases where npm dependencies are using `git` or `github` based pinning.

This requires a fresh means to generate these, which can be done via `advisory.Generate`, and set up the ability to do more things like this in the future.

We can do this using an `INSERT INTO ... SELECT ...` to reduce the work we need to do, and we'll follow up in #608 to provide better contextual information on the ref used.

[0]: https://socket.dev/blog/how-to-mitigate-the-risks-of-using-open-source-packages-with-git-dependencies
406f1d1e
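
A sketch of the `INSERT INTO ... SELECT ...` approach the commit message describes, as an added example that is not the project's code. The `dependencies` and `advisories` tables, their columns, the advisory type and text, and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not the project's.
SCHEMA = """
CREATE TABLE dependencies (
    repo TEXT NOT NULL, package_manager TEXT NOT NULL,
    package_name TEXT NOT NULL, version TEXT NOT NULL);
CREATE TABLE advisories (
    repo TEXT NOT NULL, package_name TEXT NOT NULL, version TEXT NOT NULL,
    advisory_type TEXT NOT NULL, description TEXT NOT NULL,
    UNIQUE (repo, package_name, version, advisory_type));
"""

# One statement finds and records git-sourced npm dependencies, so no rows
# are pulled into application code. OR IGNORE keeps regeneration idempotent.
GENERATE = """
INSERT OR IGNORE INTO advisories
    (repo, package_name, version, advisory_type, description)
SELECT repo, package_name, version, 'SECURITY',
       'npm dependency is fetched from a git source, not the registry'
FROM dependencies
WHERE package_manager = 'npm'
  AND (version LIKE 'git+%' OR version LIKE 'git://%'
       OR version LIKE 'github:%')
"""

# Constructed sample rows: (repo, package_manager, package_name, version).
SAMPLE = [
    ("web-app", "npm", "left-pad", "1.3.0"),
    ("web-app", "npm", "internal-ui",
     "git+https://example.com/acme/internal-ui.git#v2.0.0"),
    ("web-app", "npm", "forked-lib", "github:acme/forked-lib#main"),
    ("api", "npm", "legacy-tool", "git://example.com/acme/legacy-tool.git"),
    ("api", "npm", "gitignore-parser", "^0.0.2"),  # name, not version, has "git"
    ("api", "pip", "somepkg", "git+https://example.com/acme/somepkg.git"),
]

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO dependencies VALUES (?, ?, ?, ?)", SAMPLE)
    return conn

def generate_advisories(conn):
    """Run the INSERT ... SELECT and return how many advisories were added."""
    with conn:
        return conn.execute(GENERATE).rowcount

def flagged(conn):
    """Return (repo, package_name) pairs that now carry an advisory."""
    return conn.execute("SELECT repo, package_name FROM advisories "
                        "ORDER BY repo, package_name").fetchall()
```

The filter only covers the `git` and `github` forms named in the commit message; a registry version range such as `^0.0.2` and a non-npm row are left alone.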