Inspect how a textual match was made

Open erictapen opened this issue 5 months ago • 0 comments

It's still not entirely clear to me what kind of different degrees of data quality we get from a CVE record, so this needs to be refined further.

As a security team member, when comparing CVEs with Nixpkgs packages in automatic suggestions (https://github.com/Nix-Security-WG/nix-security-tracker/issues/178), I want to be able to assess why the match was proposed and whether it is reasonable.

  • [ ] Highlight if the full text of the CPE name matches the package name
  • [ ] Highlight how the fuzzy search made the match(es) come about

erictapen, Sep 25 '24 10:09
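
An added example, not part of the issue or the tracker's code: one way a suggestion could carry its own explanation, reporting whether the CPE product equals the package name in full and, if not, which characters a fuzzy comparison aligned. The function names, the normalization rule, the 0.75 threshold and the use of Python's `difflib` are assumptions; the issue does not say how the tracker's fuzzy search works.

```python
import re
from difflib import SequenceMatcher

def cpe_vendor_product(cpe):
    """Return (vendor, product) from a CPE 2.3 formatted string."""
    # Split on ':' unless it is backslash-escaped inside a field.
    fields = re.split(r"(?<!\\):", cpe)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return fields[3], fields[4]

def normalize(name):
    # Assumption: compare case-insensitively and treat '_' and '-' alike.
    return name.lower().replace("_", "-")

def mark(text, spans):
    """Wrap each (start, size) span of text in [brackets] for display."""
    out, pos = [], 0
    for start, size in spans:
        out += [text[pos:start], "[", text[start:start + size], "]"]
        pos = start + size
    return "".join(out) + text[pos:]

def explain_match(cpe, pname, threshold=0.75):
    """Say why (or whether) a CPE product matches a package name."""
    vendor, product = cpe_vendor_product(cpe)
    a, b = normalize(product), normalize(pname)
    if a == b:
        return {"kind": "exact", "vendor": vendor, "product": product,
                "score": 1.0, "highlight": mark(b, [(0, len(b))])}
    sm = SequenceMatcher(None, a, b, autojunk=False)
    # Matching blocks are ordered, non-overlapping runs shared by a and b.
    spans = [(m.b, m.size) for m in sm.get_matching_blocks() if m.size]
    score = sm.ratio()
    return {"kind": "fuzzy" if score >= threshold else "none",
            "vendor": vendor, "product": product,
            "score": round(score, 3), "highlight": mark(b, spans)}

# Constructed sample inputs (not taken from the tracker's data).
SAMPLES = [
    ("cpe:2.3:a:haxx:curl:8.0.0:*:*:*:*:*:*:*", "curl"),
    ("cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", "openssl_1_1"),
    ("cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*", "curl"),
]

if __name__ == "__main__":
    for cpe, pname in SAMPLES:
        print(pname, explain_match(cpe, pname))
```

The `kind` field covers the first checkbox (full-text match of the CPE product against the package name) and `highlight` covers the second, with the score shown so a reviewer can judge borderline suggestions.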