
Use the upstream Bitnami vulndb data for matching

Open: wagoodman opened this issue 1 year ago • 1 comment

Bitnami is providing vulnerability matching data for their containers, which have embedded SPDX documents outlining the contained components: https://github.com/bitnami/vulndb . This could be leveraged in order to improve matching in grype for those components.

This involves at least the following tasks:

  • [ ] Write a new vunnel provider so that we can pull and prepare the data for grype-db. Part of this work is understanding if this data fits into an existing schema, or if we need to create a new one (I think a new one is needed at first glance). anchore/vunnel#512
  • [ ] Update grype-db to be able to transform and write entries to the DB. This depends on the schema written out by vunnel. anchore/grype-db#217
  • [ ] Ensure that syft is able to pick up on SBOMs that are contained within the /opt/bitnami/* locations (I think this should already work, but have not verified). anchore/syft#3065
  • [ ] Update grype to be able to match with these new db records. This will take a little bit of thinking. I don't think we need to add a new Matcher object, but most likely enhance the generic search.* functions to look for bitnami specific material and additionally search those namespaces. This might mean that we need to update the namespace logic to determine whether to include the additional bitnami namespaces (haven't thought through this entirely yet).
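As an added sketch of what the last task boils down to (this is example code, not grype's or vunnel's, and not the design the issue settles on), a Python script reads the package list from a Bitnami-style embedded SPDX document and checks it against a vulnerability record in the OSV layout that the bitnami/vulndb repository is assumed to use; the SPDX document, the record and its version bounds are constructed placeholders, and the version comparison is simplified to numeric dotted versions.

```python
import json

# Constructed stand-in for the SPDX JSON Bitnami embeds under /opt/bitnami/*;
# only the fields the matcher needs are included.
SPDX_DOC = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "apache", "versionInfo": "2.4.57"},
        {"name": "openssl", "versionInfo": "3.0.12"},
    ],
})

# Constructed record in the assumed OSV layout: "Bitnami" ecosystem plus a
# SEMVER range. The ID and the version bounds are placeholders, not real data.
VULN_RECORDS = [
    {"id": "BIT-apache-PLACEHOLDER", "affected": [{
        "package": {"ecosystem": "Bitnami", "name": "apache"},
        "ranges": [{"type": "SEMVER", "events": [
            {"introduced": "2.4.0"}, {"fixed": "2.4.58"}]}]}]},
]

def semver_key(v):
    """Simplified version key: numeric dotted versions only, no pre-release tags."""
    return tuple(int(p) for p in v.split("."))

def affected(version, events):
    """OSV SEMVER semantics: events are ordered introduced/fixed pairs forming
    half-open intervals [introduced, fixed); '0' means 'from the beginning'."""
    v = semver_key(version)
    lo = None
    for ev in events:
        if "introduced" in ev:
            lo = () if ev["introduced"] == "0" else semver_key(ev["introduced"])
        elif "fixed" in ev and lo is not None:
            if lo <= v < semver_key(ev["fixed"]):
                return True
            lo = None
    return lo is not None and lo <= v  # open interval with no fix yet

def match(spdx_json, records):
    """Return (package, version, vuln id) for each SPDX package hit by a record."""
    hits = []
    for pkg in json.loads(spdx_json)["packages"]:
        for rec in records:
            for aff in rec["affected"]:
                p = aff["package"]
                if p["ecosystem"] != "Bitnami" or p["name"] != pkg["name"]:
                    continue  # namespace check: only Bitnami records apply here
                for rng in aff["ranges"]:
                    if rng["type"] == "SEMVER" and affected(pkg["versionInfo"], rng["events"]):
                        hits.append((pkg["name"], pkg["versionInfo"], rec["id"]))
    return hits
```

Run `match(SPDX_DOC, VULN_RECORDS)` to see the single apache hit; openssl has no matching record and is skipped.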

wagoodman • Nov 17 '23 17:11