feat: enhance products with no identified vulnerabilities

[ffontaine]

Currently, cve-bin-tool will return gnu:zlib in "Products with No Identified Vulnerabilities" if zlib is found but not affected by CVE-2016-9842 (i.e. zlib >= 1.2.9) because NVD NIST database contains two CPE IDs for zlib (gnu:zlib and zlib:zlib)

With this update, product with multiple vendors will not be displayed under above section if a CVE is found with one of the vendor.

Fix #3169

[codecov-commenter]

Codecov Report

Merging #3254 (8c72605) into main (28fe118) will decrease coverage by 5.32%.
The diff coverage is 25.00%.

@@            Coverage Diff             @@
##             main    #3254      +/-   ##
==========================================
- Coverage   80.94%   75.63%   -5.32%     
==========================================
  Files         724      724              
  Lines       11299    11301       +2     
  Branches     1525     1527       +2     
==========================================
- Hits         9146     8547     -599     
- Misses       1740     2420     +680     
+ Partials      413      334      -79     

Flag	Coverage Δ
longtests	75.63% <25.00%> (+0.01%)	⬆️
win-longtests	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
cve_bin_tool/output_engine/__init__.py	60.11% <0.00%> (-2.43%)	⬇️
cve_bin_tool/output_engine/console.py	95.56% <50.00%> (+0.02%)	⬆️

... and 22 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[terriko]

What a simple and elegant solution to the problem. It looks good at a glance; I'll be back after the tests have run and I'm sure it won't cause any surprise failures.

[terriko]

Merge time! The failing CVE check is related to the OSV bug we fixed yesterday, so can be ignored.