Combine all `not yet assigned` Debian Security Tracker issues into OSV

[hogo6002]

OSV doesn't combine issues with the not yet assigned urgency tag from the Debian Security Tracker because we thought the status of those issues might change soon. But we've observed that many vulns remain in this stage for a very long time, and it doesn't seem like their status will change.

Confirmed with the Debian Security Team via email that they no longer assign urgencies to security issues, only some legacy ones with low/medium/high tags. For all issues without an assigned urgency, we should treat them as regular security issues and merge them into OSV.

A very large number of issues have not yet assigned tag (around 10k), but not all are valid entries (some may not affect any release)