
refactor: sort vendors from get_vendor_product_pairs and update tests

Open rhythmrx9 opened this issue 3 years ago • 1 comments

closes #1878

rhythmrx9 avatar Aug 09 '22 08:08 rhythmrx9

Updating branch should fix the OSV error now, but I'll leave this alone since it's still a draft and I assume you're still working on it.

terriko avatar Aug 09 '22 20:08 terriko

Hey @rhythmrx9 -- I'm trying to tidy up our pull requests in preparation for Hacktoberfest. I remember that there was some challenge with this one and the tests. I've updated the branch just so I can take a look at where we're at, but what did you want to do with this PR? Did you still want to work on it now that you're done GSoC for the season? I see it's still in draft mode.

terriko avatar Sep 27 '22 23:09 terriko

@terriko I wanted to sort the vendors that are returned from get_vendor_product_pairs to get a fixed order of vendors, as a change in the order of vendors when an index is applied on the database broke tests. Changing some indexes that are applied can improve performance, but it breaks tests. Initially I thought sorting and then updating tests would fix this.

But after looking into it some more, the actual problem is why sorting vendors caused tests to fail, which has to do with how we handle multiple vendors. Currently we just take the first one, but a change in the order of vendors changes the vendor, so a CVE in a product with multiple vendors may or may not be reported depending on the order of vendors. We need a better way to handle this than how we currently do it.

Will open a new issue for that, and close this PR and related issue.

rhythmrx9 avatar Oct 06 '22 17:10 rhythmrx9
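
The order dependence described in the last comment, as an added example that is not part of the original thread and is not cve-bin-tool's code. The table schema, vendor and product names, advisory ids and all function names are constructed assumptions; checking every vendor is shown only as one possible order-independent behaviour.

```python
import sqlite3
from itertools import permutations

# Constructed sample data (hypothetical vendors, product and advisory ids).
ROWS = [
    ("zeta_corp", "libexample", "EXAMPLE-0001"),
    ("alpha_org", "libexample", "EXAMPLE-0002"),
]

def build_db(with_index):
    """In-memory table; the schema is an assumption, not cve-bin-tool's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cve_range (vendor TEXT, product TEXT, cve TEXT)")
    conn.executemany("INSERT INTO cve_range VALUES (?, ?, ?)", ROWS)
    if with_index:
        conn.execute("CREATE INDEX idx_pv ON cve_range (product, vendor)")
    return conn

def vendor_pairs(conn, product, ordered):
    """Return (vendor, product) pairs; without ORDER BY the order is unspecified."""
    sql = "SELECT DISTINCT vendor, product FROM cve_range WHERE product = ?"
    if ordered:
        sql += " ORDER BY vendor"
    return conn.execute(sql, (product,)).fetchall()

def cves_for(conn, pairs):
    """Collect advisory ids for every pair passed in."""
    found = set()
    for vendor, product in pairs:
        rows = conn.execute(
            "SELECT cve FROM cve_range WHERE vendor = ? AND product = ?",
            (vendor, product),
        )
        found.update(r[0] for r in rows)
    return found

def first_vendor_results(conn, pairs):
    """Results of 'take the first vendor' under each possible row order."""
    return {frozenset(cves_for(conn, list(p)[:1])) for p in permutations(pairs)}

def all_vendor_results(conn, pairs):
    """Results when every vendor is checked, under each possible row order."""
    return {frozenset(cves_for(conn, list(p))) for p in permutations(pairs)}

if __name__ == "__main__":
    for with_index in (False, True):
        conn = build_db(with_index)
        print(with_index, vendor_pairs(conn, "libexample", ordered=False))
```

Sorting in the query makes the row order stable across index changes, but the first-vendor lookup still reports only whichever vendor sorts first, so the other vendor's entries are missed either way.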