osv.dev
Add OSV generation to NVD CVE parsing code
This is another in-progress prototype snapshot.
We're at a point here where OSV output is successfully generated. Additional validation to determine if it's "good enough" needs to be performed.
Next steps:
- Refactor the functions into a library and add tests
- Add repository language inference heuristics for GitHub repositories
- Add repository language inference heuristics for non-GitHub repositories
- ~~Derive a "Fixed" version from patch references (where the repository's language is determined to be C/C++)~~
- ~~Derive a "Fixed" version from inspecting discovered repositories (where the repository's language is determined to be C/C++)~~