Improve vulnerability matching to consider potentially multiple resolutions #777

@ckunki

Description

Class VulnerabilityMatcher currently identifies vulnerabilities by package name and ID.

In reality, however,

  • for a given package & version,
  • there could be multiple unique vulnerability issues.
  • Each vulnerability might be resolved in multiple ways.

Summary:

  • 1 (package-version combination): m (vulnerabilities)
  • m (vulnerabilities): n (resolved package-version combinations)

The current ticket therefore requests to

  • enhance the matching strategy of class VulnerabilityMatcher
  • update tests and documentation accordingly
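
One way to model the 1:m:n relationship described above, as an added example that is not the project's code and does not reflect the real `VulnerabilityMatcher` API. The names `PackageVersion`, `Finding`, `build_index` and `open_vulnerabilities` are hypothetical, and the package name, versions and vulnerability IDs are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PackageVersion:
    name: str
    version: str


@dataclass(frozen=True)
class Finding:
    affected: PackageVersion     # package-version the issue was reported for
    vuln_id: str                 # unique vulnerability identifier
    resolved_in: PackageVersion  # one package-version that resolves it


# Constructed sample: one affected package-version, two vulnerabilities,
# the first of which can be resolved in two different ways.
AFFECTED = PackageVersion("examplepkg", "1.0.0")
SAMPLE_FINDINGS = [
    Finding(AFFECTED, "VULN-0001", PackageVersion("examplepkg", "1.0.1")),
    Finding(AFFECTED, "VULN-0001", PackageVersion("examplepkg", "2.0.0")),
    Finding(AFFECTED, "VULN-0002", PackageVersion("examplepkg", "2.0.0")),
]


def build_index(findings):
    """Map 1 package-version -> m vulnerability IDs -> n resolutions."""
    index = defaultdict(lambda: defaultdict(set))
    for finding in findings:
        index[finding.affected][finding.vuln_id].add(finding.resolved_in)
    return index


def open_vulnerabilities(index, affected, installed):
    """Return the IDs reported for `affected` that none of the
    `installed` package-versions resolves, in sorted order."""
    by_id = index.get(affected, {})
    return sorted(
        vuln_id
        for vuln_id, resolutions in by_id.items()
        if resolutions.isdisjoint(installed)
    )


if __name__ == "__main__":
    idx = build_index(SAMPLE_FINDINGS)
    upgraded = {PackageVersion("examplepkg", "1.0.1")}
    print(open_vulnerabilities(idx, AFFECTED, upgraded))
```

Keying only on package name and ID would treat the upgrade to 1.0.1 as either fixing everything or nothing; the nested index keeps the second vulnerability open until a version that resolves it is installed.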


Labels: feature (Product feature)
