Add workaround for erroneous advisory detection

[Jake-Shadle]

rustsec used to change how pre-release version requirements were handled compared to the standard semver crate, but this was removed (see https://github.com/RustSec/rustsec-crate/issues/218) causing advisories to be detected incorrectly for pre-release versions (see #316 for a concrete example).

This PR adds a workaround for the behavior by detecting if the crate version in question is a pre-release version, and creates a version without the prelease identifier to match against potential patched/unaffected versions. If the short version is patched/unaffected, we don't emit whatever diagnostic we would have, but do emit a warning saying we skipped it because it was a pre-release, and which patch/unaffected version it matched against to at least notify the user about this.

There are some edge cases in this approach, but considering how relatively rare pre-releases are in general across the ecosystem, I am not super concerned about them, considering that a warning is still emitted so that a user can dive deeper if they are curious or think the advisory is being skipped erroneously.

Resolves: #316

[djc]

I'm not seeing this show up in cargo-deny-action yet -- is that expected?

[Jake-Shadle]

Oh, I need to update that sorry. 😬

[djc]

No problem, your work is much appreciated!

[Jake-Shadle]

Ok, this is now available in the latest v1 of cargo-deny-action.