Add CVE identifier to Vulnerability class

[jheyens]

This adds the CVE information to --json output

[jheyens]

I don't think the failing macOS check is caused by this PR, but by some AppVeyor issue.

[iot-resister]

@jheyens I'd love to get this merged. Looking to integrate with gitlab CI. https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/dependency-scanning-report-format.json