
feat: support providing arbitrary packages to check via a csv #93

Merged: G-Rath merged 13 commits into main from support-csv on Jun 16, 2022

Conversation

G-Rath (Owner) commented May 9, 2022

Adds support for providing CSV rows as input to allow specifying arbitrary packages.

This allows support for "unknown" ecosystems like NuGet:

❯ ./osv-detector --parse-as-csv 'NuGet,Yarp.ReverseProxy,'
csv: found 1 packages
  Loading OSV databases for the following ecosystems:
    NuGet (174 vulnerabilities, including withdrawn - last updated Mon, 09 May 2022 20:05:07 GMT)

  Yarp.ReverseProxy@ is affected by the following vulnerabilities:
    GHSA-8xc6-g8xw-h2c4: YARP Denial of Service Vulnerability (https://github.com/advisories/GHSA-8xc6-g8xw-h2c4)

  1 known vulnerability found in csv

Currently this feels a bit stiff for me, but on the other hand it is meant to be an advanced use-case so maybe it's fine? However I'd like to try and have support for reading from a CSV file before landing this, because I think otherwise it becomes unwieldy to use for larger inputs (and you might run into argument length limits).

I think I might support this by just adding a new --parse-as-csv-file flag - I was thinking about checking if an input looked like a file path, but I'm worried that that might go wrong e.g. a user (or worse an automatic tool) messes up the CSV input so badly it ends up looking like a filepath and the detector does something really silly, or someone somehow has a file/directory that looks like a valid CSV. Given what I just said about this being for advanced use-cases, having another explicit flag might be the way to go.

(I still need to do the documentation and write tests for this)

I've rewritten this significantly - now CSV support is done through using two special --parse-as values; the documentation in the readme explains the rest, so I won't type it out again here.

Resolves #13
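As an added illustration (not osv-detector's own code, which this PR page does not show), here is a small Go parser and matcher for the ecosystem,name,version rows described above. The names PackageDetails, ParsePackageCSV, Advisory, FindVulnerabilities and SampleAdvisories are assumptions; the advisory's affected range is simplified to an explicit version set (nil meaning every version), the GHSA id is the one shown in the output above but its affected set is assumed, and the npm/lodash entry with id EXAMPLE-0001 is constructed. It covers the two edge cases the description raises: an argument that is really a file path does not have three fields, so the strict field count rejects it instead of treating it as a package, and an empty version (the Yarp.ReverseProxy@ line in the output above) is reported conservatively against every advisory for that package.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// PackageDetails holds one "ecosystem,name,version" row. (Hypothetical type
// for this illustration; not osv-detector's own.)
type PackageDetails struct {
	Ecosystem string
	Name      string
	Version   string // may be empty: version unknown
}

// ParsePackageCSV parses newline-separated CSV rows into packages. Every row
// must have exactly three fields, and ecosystem and name must be non-empty.
// A stray argument such as "./packages.csv" has one field and is rejected
// rather than being mistaken for a package or a file.
func ParsePackageCSV(input string) ([]PackageDetails, error) {
	r := csv.NewReader(strings.NewReader(input))
	r.FieldsPerRecord = 3 // enforce ecosystem,name,version on every row
	r.TrimLeadingSpace = true
	records, err := r.ReadAll()
	if err != nil {
		return nil, fmt.Errorf("csv: %w", err)
	}
	pkgs := make([]PackageDetails, 0, len(records))
	for i, rec := range records {
		eco, name, ver := strings.TrimSpace(rec[0]), strings.TrimSpace(rec[1]), strings.TrimSpace(rec[2])
		if eco == "" || name == "" {
			return nil, fmt.Errorf("csv: row %d: ecosystem and package name are required", i+1)
		}
		pkgs = append(pkgs, PackageDetails{Ecosystem: eco, Name: name, Version: ver})
	}
	return pkgs, nil
}

// Advisory is a deliberately simplified advisory record: real OSV entries
// describe affected version ranges, reduced here to an explicit set.
type Advisory struct {
	ID        string
	Ecosystem string
	Name      string
	Affected  []string // exact affected versions; nil means every version
}

// SampleAdvisories is constructed test data. The GHSA id is the one shown in
// the PR output; its affected set is assumed. EXAMPLE-0001 is a placeholder.
var SampleAdvisories = []Advisory{
	{ID: "GHSA-8xc6-g8xw-h2c4", Ecosystem: "NuGet", Name: "Yarp.ReverseProxy"},
	{ID: "EXAMPLE-0001", Ecosystem: "npm", Name: "lodash", Affected: []string{"4.17.15"}},
}

// FindVulnerabilities returns advisory IDs per "name@version" key. A package
// with an unknown (empty) version matches every advisory for that package, so
// the check errs toward reporting rather than silently passing it.
func FindVulnerabilities(pkgs []PackageDetails, advisories []Advisory) map[string][]string {
	out := make(map[string][]string)
	for _, p := range pkgs {
		key := p.Name + "@" + p.Version
		out[key] = []string{}
		for _, a := range advisories {
			if a.Ecosystem != p.Ecosystem || a.Name != p.Name {
				continue
			}
			if p.Version == "" || a.Affected == nil || contains(a.Affected, p.Version) {
				out[key] = append(out[key], a.ID)
			}
		}
	}
	return out
}

func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

func main() {
	// Constructed input: the PR's example row plus a pinned npm package.
	pkgs, err := ParsePackageCSV("NuGet,Yarp.ReverseProxy,\nnpm,lodash,4.17.20\n")
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for key, ids := range FindVulnerabilities(pkgs, SampleAdvisories) {
		fmt.Printf("%s: %d known vulnerabilities %v\n", key, len(ids), ids)
	}
	if _, err := ParsePackageCSV("./packages.csv"); err != nil {
		fmt.Println("rejected path-like argument:", err)
	}
}
```

Reading the rows from an io.Reader instead of a string is a one-line change (pass the file to csv.NewReader), which is what a --parse-as value for a CSV file would need once inputs grow past what fits on a command line.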

G-Rath force-pushed the support-csv branch 4 times, most recently from d08b899 to 43b6a04 on May 11, 2022 19:17
G-Rath marked this pull request as ready for review May 12, 2022 22:40
G-Rath force-pushed the support-csv branch 3 times, most recently from 06f0386 to 61158dd on May 19, 2022 19:47
G-Rath force-pushed the support-csv branch 3 times, most recently from 7c4b553 to 78a937d on June 10, 2022 04:44
G-Rath merged commit 8a4a0bf into main Jun 16, 2022
G-Rath deleted the support-csv branch June 16, 2022 19:43
Successfully merging this pull request may close these issues: Support being passed package details as a CSV