Correctly handle RedHat AppStreams for multiple fix versions to avoid false positives

[zhill]

AppStreams can cause multiple fix versions to be presented to Engine and it currently assumes that only the latest fix is the correct fix, which is correct for non-AppStream versions, but not when AppStreams provide multiple update paths for the same package name.

The system needs to be able to detect and properly handle the AppStream case to avoid reporting false positives.