fix(vulnerable-code): Fix search for Go package vulnerabilities

[wkl3nk]

For Go packages, both the namespace and name may contain path segments separated by a "/" character. The purl specification requires these "/" characters to be percent-encoded in the namespace and name components of a purl. The VulnerableCode bulk-search API is unable to handle these percent-encoded "/" characters, resulting in no vulnerability records being returned. This bugfix decodes any percent-encoded "/" characters just before making the VulnerableCode query to ensure proper functionality.

Fixes #9298