minder
Normalize PyPI package names before calling Trusty
The PyPI specification states that Python package names should be normalized (https://packaging.python.org/en/latest/specifications/name-normalization/#name-normalization).
The package names that we parse from requirements.txt do not necessarily adhere to the normalization rules.
We should normalize the package name before sending it to Trusty.
I think we already do this before calling OSV.
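The normalization rule from the linked specification, applied to names pulled out of requirements.txt lines, as an added example that is not minder's own code. The function names `NormalizePyPIName` and `NamesFromRequirements` and the sample input are hypothetical, and only name-based requirement lines are handled (options, paths and bare URLs are skipped).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// Runs of "-", "_" and "." collapse to one "-" (PyPA name normalization).
	sepRun = regexp.MustCompile(`[-_.]+`)
	// Valid name per the spec: ASCII letters and digits, separators only inside.
	validName = regexp.MustCompile(`(?i)^([A-Z0-9]|[A-Z0-9][A-Z0-9._-]*[A-Z0-9])$`)
	// Leading name of a requirement line, before extras, specifiers or markers.
	nameHead = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*`)
)

// Constructed sample input, not taken from any real project.
const sampleRequirements = `# pinned deps
Flask_SQLAlchemy==3.1.1
ruamel.yaml>=0.18  # inline comment
Typing--Extensions ; python_version < "3.11"
requests[security]~=2.31
-r other.txt
https://example.invalid/pkg.whl`

// NormalizePyPIName returns the normalized name, or an error if it is invalid.
func NormalizePyPIName(name string) (string, error) {
	if !validName.MatchString(name) {
		return "", fmt.Errorf("invalid PyPI project name %q", name)
	}
	return strings.ToLower(sepRun.ReplaceAllString(name, "-")), nil
}

// NamesFromRequirements returns the normalized name of each name-based line.
func NamesFromRequirements(content string) []string {
	var out []string
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		head := nameHead.FindString(line)
		if head == "" || strings.HasPrefix(line[len(head):], ":") {
			continue // blank, comment, option (-r, -e), path or URL line
		}
		if n, err := NormalizePyPIName(strings.TrimRight(head, "._-")); err == nil {
			out = append(out, n)
		}
	}
	return out
}

func main() { fmt.Println(NamesFromRequirements(sampleRequirements)) }
```

Using the normalized form as the lookup key means `Flask_SQLAlchemy` and `flask-sqlalchemy` resolve to the same project rather than one of them returning no result.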