Ignore qualifiers and subpath from PURL search lookups

[tdruez]

In the VulnerableCode UI, searching for packages with the following purl: pkg:maven/log4j/log4j@1.2.17 returns 1 result.
Now add any qualifiers, for examples pkg:maven/log4j/log4j@1.2.17?classifier=sources: 0 results.

Since it is unlikely that VulnerableCode would reference the infinity of possible qualifiers, we should relax the purl matching to only lookup the type+namespace+name+version fields.

This needs to be applied to the API as well.