False positive: CVE-2023-3341 (and 7 more) in bind

[raboof]

Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2023-3341 in bind.

This is a false positive, because this image is not actually using the bind daemon, but the 'host' utility from the 'bind' derivation.

So likely we should fix this with #33 . This will require some work on the inventory collection, as our current inventory does not expose which output of a derivation has the dependency on a component.