Collect vulnerabilities and package references from cve-search (and/or via4cve)

[pombredanne]

At first the goal is to collect data exposed by the API of https://cve.circl.lu/ There is also a dump for via4 data available at https://www.cve-search.org/feeds/via4.json Longer term, we should setup our own instance of cve-search instead of using the public site API.

[sbs2001]

Will we be exposing our cve-search at same end point(proposed to be removed by https://github.com/nexB/vulnerablecode/pull/177) ? This actually needs a lot more discussion as in future we will be adding graphql based api and remove/keep the rest API.