Replace the Red Hat OVALv2 update source with the Red Hat CSAF/VEX data.

Signed-off-by: crozzy <joseph.crosland@gmail.com>

Start matching repository CPEs based on the CPE subset relation.
This change interprets VEX CPEs identifying Red Hat repositories as CPE
matching expressions and looks for a subset relation with the record's
repositoty CPE. This change also introduces a fallback to deal with CPEs
in the VEX data that are expected to describe a subset relationship but
don't use the correct matching syntax, in these cases matching is done
with a crude string prefix match.

Signed-off-by: crozzy <joseph.crosland@gmail.com>

Previously the IgnoreUnpatched config key was a part of the RHEL
updater and would dictate whether or not the updater would ingest
unpatched vulnerabilities. This change moves that key to the RHEL
matcher and dictates whether the matcher should check for a
fixed_in_version when querying potential vulnerabilities. This makes the
config option more usable at the expense of DB size.

Signed-off-by: crozzy <joseph.crosland@gmail.com>

Given that the rhel-vex data will be responsible for Red Hat
vulnerabilities we no longer want the existing OVAL updater to be a
default (or even selectable). This patch also removes existing RHEL OVAL
data from the matcher DB.

Signed-off-by: crozzy <joseph.crosland@gmail.com>

Add the ability for the RHEL VEX updater to consume a deletions.csv file
in order to inform the Parser and eventually the persistence layer of
any VEX files that may have been deleted.

Signed-off-by: crozzy <joseph.crosland@gmail.com>