purldb
Enhance Alpine package scan results
Alpine packages lack some important info like copyrights or where the source code is located. This info can't be gathered from the packages themselves as it's just not there. To get this info we need to:

- download the aports repo & for each pkg check it out on the commit specific to the Alpine package (via fetchcode)
- parse APKBUILD (nexB/scancode-toolkit#2541)
- download the package sources (fetchcode) & amend the new info to the package's scan results
Discussed a bit with @pombredanne. Most likely @quepop will PR it.

The question is: should it be standard behavior when Alpine-based Docker images are being scanned, or should it be a separate pipeline?
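The "parse APKBUILD" step above is where the missing license, upstream URL, maintainer and source-location data actually comes from, so here is an added example (not purldb or scancode-toolkit code, and not the parser proposed in nexB/scancode-toolkit#2541) of reading those fields from an APKBUILD once the right aports commit has been checked out. The APKBUILD text is a constructed sample, not a real aports file. An APKBUILD is a POSIX shell fragment, so the example reads the top-level `name=value` assignments without executing anything and expands only `$var`/`${var}` references to fields it has already seen; everything else is left verbatim.

```python
"""Minimal APKBUILD metadata extractor (added example, not project code).

Reads top-level shell variable assignments from an Alpine aports APKBUILD
and derives the package-level facts that binary .apk files lack: license,
homepage, maintainer/contributor lines, and where the sources live.
"""
import re

# Constructed sample resembling an aports APKBUILD; not a real package.
SAMPLE_APKBUILD = r"""
# Contributor: Example Person <example@example.org>
# Maintainer: Example Person <example@example.org>
pkgname=examplepkg
pkgver=1.2.3
pkgrel=0
pkgdesc="An example package"
url="https://example.org/examplepkg"
arch="all"
license="MIT"
options="!check"
subpackages="$pkgname-doc $pkgname-dev"
source="https://example.org/downloads/$pkgname-$pkgver.tar.gz
    $pkgname-extras-$pkgver.tar.gz::https://github.com/example/$pkgname-extras/archive/v$pkgver.tar.gz
    fix-build.patch
    "

build() {
    make
}

sha512sums="0000deadbeef  examplepkg-1.2.3.tar.gz
0000cafebabe  fix-build.patch"
"""

# A top-level assignment: name= followed by a double-quoted (possibly
# multi-line), single-quoted, or bare value. Indented lines inside shell
# functions do not match because '^' must be followed directly by the name.
ASSIGN_RE = re.compile(
    r'^(?P<name>[A-Za-z_][A-Za-z0-9_]*)='
    r'(?:"(?P<dq>(?:[^"\\]|\\.)*)"|\'(?P<sq>[^\']*)\'|(?P<bare>[^\s#]*))',
    re.MULTILINE,
)
VAR_RE = re.compile(r'\$(?:\{(\w+)\}|(\w+))')
PERSON_RE = re.compile(r'^#\s*(Maintainer|Contributor):\s*(.+?)\s*$', re.MULTILINE)


def _expand(value, fields):
    """Substitute $var / ${var} for fields already parsed; keep unknown refs as-is."""
    def repl(match):
        name = match.group(1) or match.group(2)
        return fields.get(name, match.group(0))
    return VAR_RE.sub(repl, value)


def parse_apkbuild(text):
    """Return {'fields': {name: value}, 'people': ['Maintainer: ...', ...]}."""
    fields = {}
    for match in ASSIGN_RE.finditer(text):
        raw = match.group('dq')
        if raw is None:
            raw = match.group('sq')
        if raw is None:
            raw = match.group('bare')
        fields[match.group('name')] = _expand(raw, fields)
    people = [f"{role}: {who}" for role, who in PERSON_RE.findall(text)]
    return {'fields': fields, 'people': people}


def source_entries(fields):
    """Split the whitespace-separated 'source' list into local files and fetchable URLs.

    Alpine allows 'localname::url' to rename a download; a bare entry without
    '://' is a file kept next to the APKBUILD in the aports tree (e.g. a patch).
    """
    entries = []
    for token in fields.get('source', '').split():
        name, sep, url = token.partition('::')
        if not sep:
            name, url = token.rsplit('/', 1)[-1], token
        remote = '://' in url
        entries.append({'file': name, 'url': url if remote else None})
    return entries


def package_metadata(text):
    """The facts a scan result could be amended with, from one APKBUILD text."""
    parsed = parse_apkbuild(text)
    fields = parsed['fields']
    entries = source_entries(fields)
    return {
        'name': fields.get('pkgname'),
        'version': fields.get('pkgver'),
        'license': fields.get('license'),
        'homepage': fields.get('url'),
        'people': parsed['people'],
        'remote_sources': [e['url'] for e in entries if e['url']],
        'local_files': [e['file'] for e in entries if not e['url']],
    }


if __name__ == '__main__':
    for key, value in package_metadata(SAMPLE_APKBUILD).items():
        print(f'{key}: {value}')
```

The `remote_sources` list is exactly what the "download package sources (fetchcode)" step would be fed, while `local_files` names patches that are only available from the aports checkout itself, which is why the checkout at the package-specific commit matters and not just the upstream tarball. Real APKBUILDs can compute values in shell (`${pkgver%.*}`, command substitution), which this reader deliberately does not evaluate; such values are passed through verbatim so they can be flagged rather than silently misread.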