Add Resolved In Version from NVD to vulnerable software #11666

@zhumo

Description

This issue's remaining effort can be completed in ≤1 sprint. It will be valuable even if nothing else ships.

It is planned and ready to implement. It is on the proper kanban board.

Goal

User story
As a user of the Fleet vulnerability dashboard on the vulnerability list page,
I want to see a new column which shows which version of a software item no longer has this particular vulnerability
so that I can recommend this version to my end-users and quickly address the issue.

Changes

/fleet/software API will include a new field resolved_in_version

Sample:

{
    "id": 101,
    "name": "macos",
    "version": "12.1",
    "vulnerabilities": [
        {
            "cve": "CVE-2023-23499",
            "details_link": "https://nvd.nist.gov/vuln/detail/CVE-2023-23499",
            "cvss_score": 5.9,
            "epss_probability": 0.00205,
            "cisa_known_exploit": false,
            "cve_published": "2022-12-23T00:15:00Z",
            "resolved_in_version": "12.6.3"
        }
    ]
}

This issue's estimation includes completing:

ℹ️  Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

Context

Tactics

  • In the UI, API, and webhooks, include the "From (including)" and "Up to (excluding)" information that is
  • Here, safe is defined as: the first higher version of the software that has no vulnerabilities. If there are no higher versions without vulnerabilities, then select the first lower version of the software with no vulnerabilities. If neither of the above is true, then display some message saying so.
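
One way to derive resolved_in_version from the NVD "From (including)" and "Up to (excluding)" bounds mentioned above, added here as an illustration and not Fleet's implementation. The VersionRange type, the function names, the dotted-numeric comparison and the sample ranges are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// VersionRange holds the two NVD bounds named in the issue: "From (including)"
// and "Up to (excluding)". An empty string means that side is unbounded.
type VersionRange struct {
	StartIncluding, EndExcluding string
}

// compareVersions compares dotted numeric versions component by component.
// Missing or non-numeric components count as 0 (a simplification).
func compareVersions(a, b string) int {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		var x, y int
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x - y // only the sign matters
		}
	}
	return 0
}

// ResolvedInVersion returns the exclusive upper bound of the first range that
// contains installed, or "" if none matches or the range has no upper bound.
func ResolvedInVersion(installed string, ranges []VersionRange) string {
	for _, r := range ranges {
		afterStart := r.StartIncluding == "" || compareVersions(installed, r.StartIncluding) >= 0
		beforeEnd := r.EndExcluding == "" || compareVersions(installed, r.EndExcluding) < 0
		if afterStart && beforeEnd {
			return r.EndExcluding
		}
	}
	return ""
}

func main() { // constructed range, not real NVD data
	fmt.Println(ResolvedInVersion("12.1", []VersionRange{{"12.0", "12.6.3"}}))
}
```

An empty result covers both "installed version is not in any vulnerable range" and "vulnerable range has no known fixed version", so a caller that needs to tell these apart should return a second value.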

Metadata

Labels

  • #g-endpoint-ops: Endpoint ops product group
  • :product: Product Design department (shows up on 🦢 Drafting board)
  • customer-faltona
  • story: A user story defining an entire feature
