Right now, we consume Package URLs (pURLs) for SBOM datasources, and
have the ability to derive the pURL for a Renovate dependency but it's
not persisted, and is only used when performing lookups to systems that
require a pURL, or for `renovate-to-sbom`.

To make this data available for other use-cases, we can derive the
`package_type` and `package_url` as part of an import of Renovate data
and then store it in the database.

As this is derived, this is likely to be subtly wrong for some types, so
we'll look at improving them as-and-when we discover incorrect
categorisation.

This also requires refactoring the parameter to
`newRenovateDependenciesQuery` as it's no longer getting a full Renovate
row, as we don't query the `package_type` or `package_url`.

Closes #436, and a step towards #446.