fix(oracle): handle ksplice advisories

[knqyf263]

Overview

ksplice is for zero-downtime updates and it doesn't seem to be used in a container image.
https://ksplice.oracle.com/

There are two patches for the same vulnerability.

1. Normal patch
2. Zero-downtime patch

They have different versioning. You can see the following advisories. The first one is the normal patch, while the second one is the zero-downtime patch.

1. https://linux.oracle.com/errata/ELSA-2019-2304.html
2. https://linux.oracle.com/errata/ELSA-2019-4754.html

If a package is installed without ksplice patch, we should not use ksplice advisories for vulnerability detection because they have different versioning and it causes false positives. This PR skips ksplice advisories when the installed package is not a ksplice package. Also, if the package is a ksplice one, we should not use the normal advisories.

Issue

Close #736

[codecov]

Codecov Report

Merging #745 (59ff7f1) into master (b6d5b82) will increase coverage by 0.16%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #745      +/-   ##
==========================================
+ Coverage   66.58%   66.75%   +0.16%     
==========================================
  Files          56       56              
  Lines        2158     2160       +2     
==========================================
+ Hits         1437     1442       +5     
+ Misses        591      588       -3     
  Partials      130      130              

Impacted Files	Coverage Δ
pkg/detector/ospkg/oracle/oracle.go	93.93% <100.00%> (+10.06%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b6d5b82...59ff7f1. Read the comment docs.

[danielpacak]

Code LGTM! I tested / debugged with oraclelinux:7-slim image, but I think it's not easy to test it with an image that installed packages with ksplice as it's available only for premier customers.