guac
[feature] Add ability to fetch info related to a purl and similar identifiers in the REST api as well as aggregations on subsets of the identifiers
GUAC with GraphQL is currently great at handling complicated use cases like when you want to compare multiple artifacts or run complex queries. However, it's a bit of overkill when someone wants to just fetch information on a specific identifier or wants to get aggregates or lists.
I want the REST API to be able to have routes that look like
https://guac_rest/v1/purl/pkg:{type}/{namespace}/{name}{@optional version}?{optional params}
so you end up with stuff like:
https://guac_rest/v1/purl/pkg:golang/github.com/mlieberman85/[email protected]
and that should return data related to that package. I can then see also having stuff after like:
https://guac_rest/v1/purl/pkg:golang/github.com/mlieberman85/[email protected]/vulns
to just return a list of vulnerabilities or something like that. Having subsets would also be nice for both aggregates and lists, e.g.
https://guac_rest/v1/purl/pkg:golang/github.com/mlieberman85
would return me a list of purls like:
[
"pkg:golang/github.com/mlieberman85/[email protected]",
"pkg:golang/github.com/mlieberman85/[email protected]",
...
]
Purl is just one example of an endpoint, but I can also see a bunch of others as well, like sbom, vuln, etc. This is inspired by some of the work the OmniBOR folks have been doing.
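One way a handler could split the proposed path into purl, exact-or-prefix lookup, and sub-resource while validating each segment; this is an added example, not code from GUAC or from the issue author. `Route`, `ParsePurlRoute`, the `subResources` set and the rule that a sub-resource only follows a versioned segment are assumptions, and the sample package name is a placeholder.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Route is a hypothetical parsed form of a path under /v1/purl/.
type Route struct {
	Purl  string // purl (still percent-encoded), or a purl prefix when Exact is false
	Exact bool   // true when the last purl segment carries an @version
	Sub   string // optional sub-resource, e.g. "vulns"
}

const prefix = "/v1/purl/"
// Assumed sub-resources; the issue only names "vulns".
var subResources = map[string]bool{"vulns": true}

// ParsePurlRoute takes the still-escaped request path (r.URL.EscapedPath()).
func ParsePurlRoute(escaped string) (Route, error) {
	if !strings.HasPrefix(escaped, prefix+"pkg:") {
		return Route{}, errors.New("not a purl route")
	}
	segs := strings.Split(strings.TrimPrefix(escaped, prefix), "/")
	for _, s := range segs {
		// Decode per segment so an encoded %2F or dot segment cannot change the path shape.
		d, err := url.PathUnescape(s)
		if err != nil || d == "" || d == "." || d == ".." || strings.Contains(d, "/") {
			return Route{}, fmt.Errorf("bad segment %q", s)
		}
	}
	r := Route{}
	n := len(segs)
	// Only treat the tail as a sub-resource after a versioned segment, so a package named "vulns" stays addressable.
	if n >= 2 && subResources[segs[n-1]] && strings.Contains(segs[n-2], "@") {
		r.Sub, segs = segs[n-1], segs[:n-1]
	}
	r.Exact = strings.Contains(segs[len(segs)-1], "@")
	r.Purl = strings.Join(segs, "/")
	return r, nil
}

func main() {
	// Constructed path; "acme/lib" and the version are placeholders.
	fmt.Println(ParsePurlRoute("/v1/purl/pkg:golang/github.com/acme/lib@v1.2.0/vulns"))
}
```

The `@` check runs on the raw segment, so a percent-encoded namespace such as `%40acme` is not mistaken for a version.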