melange considers packages which provide an absolute symlink as providing the target

Open murraybd opened this issue 2 weeks ago • 2 comments

@smoser made a change to melange, https://github.com/chainguard-dev/melange/pull/1662, which he believes introduced a regression where melange will follow an absolute symlink and consider the package as providing the target even though the package is not actually providing or vendoring the shared object.

When discussing the fix, @jonjohnsonjr mentioned that we should do a global melange scan to confirm the sensibility of the changes.

This issue manifests itself quite regularly in package build logs of packages in the following way:

solving "keyutils-libs" constraint:
  keyutils-libs-1.6.3-r5.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r0.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r1.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r2.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r3.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r4.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1
  keyutils-libs-1.6.3-r5.apk disqualified because keyutils-dev-1.6.3-r5.apk already provides so:libkeyutils.so.1

murraybd, Feb 04 '25 19:02
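
An added example, not melange's code and not part of the issue: a Go sketch of the ownership check the report implies, where a symlink yields an `so:` provides only if its target resolves to a file shipped in the same package. The `entry` type, the function names and the file paths are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"sort"
)

// entry is a constructed model of a packaged file: linkTo for symlinks, soname (DT_SONAME) for libraries.
type entry struct{ linkTo, soname string }

// resolve follows symlinks inside the package's own file set, never on the build host.
func resolve(files map[string]entry, p string) (entry, bool) {
	for hops := 0; hops < 8; hops++ { // bounded so link loops terminate
		e, ok := files[p]
		if !ok || e.linkTo == "" {
			return e, ok // missing: owned by another package; regular file: done
		}
		if path.IsAbs(e.linkTo) {
			p = path.Clean(e.linkTo)
		} else {
			p = path.Join(path.Dir(p), e.linkTo)
		}
	}
	return entry{}, false
}

// soProvides lists so: names only for libraries whose bytes are in the package.
func soProvides(files map[string]entry) []string {
	seen := map[string]bool{}
	out := []string{}
	for p := range files {
		if e, ok := resolve(files, p); ok && e.soname != "" && !seen[e.soname] {
			seen[e.soname] = true
			out = append(out, "so:"+e.soname)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed layouts; the paths are assumptions, not read from the real apks.
var devPkg = map[string]entry{"/usr/lib/libkeyutils.so": {linkTo: "/usr/lib/libkeyutils.so.1"}}
var libsPkg = map[string]entry{
	"/usr/lib/libkeyutils.so.1":     {linkTo: "libkeyutils.so.1.6.3"},
	"/usr/lib/libkeyutils.so.1.6.3": {soname: "libkeyutils.so.1"},
}

func main() { fmt.Println(soProvides(devPkg), soProvides(libsPkg)) }
```

With this check the modelled `keyutils-dev` emits no `so:` provides, so it would not shadow `keyutils-libs` in the solver output quoted above.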