As noted in #189, there's no way right now to avoid leaking internal
package names to the public Internet when generating advisories or
missing data.

Right now, the solution is to just deal with it, which isn't ideal.
Instead, we can add this as a first-class citizen with a new table, and
the ability to ignore these packages when performing lookups.

This requires we tweak our existing queries to now left join (in case
there's no match) the `sensitive_packages` table and filter out/in
packages as appropriate.

Closes #189.