
Manually override the severity level depending on context

[Open] raboof opened this issue 1 year ago · 0 comments

As encountered in the example of Nix-Security-WG/nix-local-security-scanner#22, there might be situations where we might want to assign a different severity based on context. In this case: the w3m advisory may have severity 'medium' or 'low', but in the context of nixos-help it might be 'low' or even 'none'.

For the API, it would initially be sufficient to encode this as simple (advisory id, context pname, severity) tuples, as in the vast majority of cases an advisory will have the same severity regardless of the version of the contextual derivation. This keeps the data volume of the information to be shared low.

An example would be: CVE-2023-38253 nixos-help low.

Depends on:

  • #208
  • #209

raboof · Nov 23 '23 17:11
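One way the (advisory id, context pname, severity) tuples proposed in this issue could be parsed and applied, as an added example that is not code from nix-security-tracker or from the issue author. It assumes each override is a whitespace-separated line in the shape of the issue's own example (`CVE-2023-38253 nixos-help low`), a qualitative severity scale of none/low/medium/high/critical (the CVSS v3 ratings plus the "none" the issue mentions), and that an advisory with no override for a given pname keeps its own severity. The function names and the sample override text are constructed for this example.

```python
"""Context-dependent severity overrides (added example, not project code).

An override is one "<advisory id> <context pname> <severity>" line, as in the
issue's example "CVE-2023-38253 nixos-help low". Lookups are keyed by
(advisory id, pname) only, matching the issue's point that the override does
not depend on the version of the contextual derivation.
"""

# Qualitative scale, lowest first. 'none' is the value the issue mentions for
# an advisory that does not apply at all in a given context (assumption).
SEVERITIES = ("none", "low", "medium", "high", "critical")

# Constructed sample input for this example.
SAMPLE_OVERRIDES = """\
# advisory id      context pname   severity
CVE-2023-38253     nixos-help      low
"""


def parse_overrides(text: str) -> dict[tuple[str, str], str]:
    """Parse override lines into a {(advisory_id, pname): severity} map.

    Blank lines and '#' comments are skipped. A malformed line, an unknown
    severity name, or two conflicting entries for the same key raise
    ValueError, so a typo cannot silently change what gets reported.
    """
    overrides: dict[tuple[str, str], str] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        advisory_id, pname, severity = parts
        severity = severity.lower()
        if severity not in SEVERITIES:
            raise ValueError(f"line {lineno}: unknown severity {severity!r}")
        key = (advisory_id, pname)
        if key in overrides and overrides[key] != severity:
            raise ValueError(f"line {lineno}: conflicting override for {key}")
        overrides[key] = severity
    return overrides


def effective_severity(
    advisory_id: str,
    base_severity: str,
    pname: str,
    overrides: dict[tuple[str, str], str],
) -> str:
    """Severity to report for advisory_id in the context of package pname.

    Falls back to the advisory's own severity when no override is recorded.
    """
    return overrides.get((advisory_id, pname), base_severity)


def is_downgrade(base_severity: str, reported_severity: str) -> bool:
    """True when an override lowers the severity relative to the advisory.

    Useful for a review step: downgrades are the entries worth a second look,
    since they hide findings from the contextual package's report.
    """
    return SEVERITIES.index(reported_severity) < SEVERITIES.index(base_severity)


if __name__ == "__main__":
    table = parse_overrides(SAMPLE_OVERRIDES)
    for pname in ("w3m", "nixos-help"):
        reported = effective_severity("CVE-2023-38253", "medium", pname, table)
        flag = " (downgraded)" if is_downgrade("medium", reported) else ""
        print(f"CVE-2023-38253 in {pname}: {reported}{flag}")
```

Keying the table on (advisory id, pname) rather than on a specific derivation version is exactly the simplification the issue proposes; if a version-specific exception ever became necessary, the key could be widened without changing the line format consumers already parse.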