feat: improve handling when some CPEs have 0 CVEs associated?

Open terriko opened this issue 11 months ago • 1 comments

For instance, in dumping the CVEData when there are no CVEs, I came across this occasion where there are two other instances of dnsmasq for vendors dnsmasq and the_kelleys. The instance of dnsmasq with vendor name thekelleys (no underscore) actually has 13 CVEs with all the correct data.

=== ProductInfo(vendor='dnsmasq', product='dnsmasq', version='2.78') CVEData(None, {'cves': []})
=== ProductInfo(vendor='the_kelleys', product='dnsmasq', version='2.78') CVEData(None, {'cves': []})

Originally posted by @wideglide in https://github.com/intel/cve-bin-tool/issues/3899#issuecomment-1984902411

As I mentioned in the bug, we are working on a few things to avoid this kind of result, but while we're working on those slower improvements we may also want to do something fancy display-wise for cases where one or more of the CPEs (e.g. {vendor, product}) don't have any CVEs associated with them. Maybe just don't display them if they're not useful? Maybe put them in as a footnote? Not sure the best solution here but it seems like we could probably do better, anyhow.

terriko, Mar 08 '24 23:03
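One way the display idea in the post above could work, as an added sketch that is not cve-bin-tool code and not from the issue's participants. The `ProductInfo` stand-in, the `split_empty_cpes` helper, the `examplevendor` entry and the placeholder CVE ids are assumptions made for illustration; the rule chosen here (demote an empty entry only when a sibling vendor for the same product and version has CVEs) is one possible policy, not a decision recorded in the issue.

```python
from collections import defaultdict
from typing import NamedTuple


class ProductInfo(NamedTuple):
    # Stand-in with the fields shown in the issue output; not imported from cve-bin-tool.
    vendor: str
    product: str
    version: str


def split_empty_cpes(results):
    """Split scan results into (display, footnotes).

    results maps ProductInfo -> {"cves": [...]}, as in the dump quoted in the issue.
    A zero-CVE entry is demoted to a footnote only when another vendor entry
    for the same product and version does have CVEs; otherwise it stays in the
    main display, so a product with no known CVEs is still reported.
    """
    by_component = defaultdict(list)
    for info in results:
        by_component[(info.product, info.version)].append(info)

    display, footnotes = {}, []
    for siblings in by_component.values():
        with_cves = [i for i in siblings if results[i]["cves"]]
        for info in siblings:
            if results[info]["cves"] or not with_cves:
                display[info] = results[info]
            else:
                footnotes.append(info)
    return display, footnotes


# Constructed sample based on the dnsmasq case; the CVE ids are placeholders.
SAMPLE = {
    ProductInfo("dnsmasq", "dnsmasq", "2.78"): {"cves": []},
    ProductInfo("the_kelleys", "dnsmasq", "2.78"): {"cves": []},
    ProductInfo("thekelleys", "dnsmasq", "2.78"): {
        "cves": [f"CVE-PLACEHOLDER-{n:02d}" for n in range(1, 14)]
    },
    ProductInfo("examplevendor", "examplelib", "1.0"): {"cves": []},
}

if __name__ == "__main__":
    shown, notes = split_empty_cpes(SAMPLE)
    for info, data in shown.items():
        print(f"{info.vendor}/{info.product} {info.version}: {len(data['cves'])} CVEs")
    for info in notes:
        print(f"note: no CVEs under vendor '{info.vendor}' for {info.product} {info.version}")
```

Keeping the demoted entries as footnotes rather than dropping them leaves a trace of which vendor names were tried, which matters when a zero-CVE result comes from a vendor mismatch rather than a clean component.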

Can I work on this? Also, can you look at this and this? I think one is ready to merge and the other needs a bit more discussion.

joydeep049, Mar 09 '24 07:03