feat(cve): include PkgPath information in image cve UI list using sections and in CVE export #428

Merged (1 commit, Feb 29, 2024)

vrajashkr (Contributor)

What type of PR is this?
feature

Which issue does this PR fix:
Towards project-zot/zot#2175

What does this PR do / Why do we need it:
This PR displays the Package Path information for the package list for a given CVE in the vulnerabilities list.
Since there is more data being displayed, this PR also brings in a change to display this information in a vertically stacked form with a separate section for each affected package.

References #426

Testing done on this change:
Screenshots: six UI screenshots (Feb 26, 2024), not included in the text.

CSV export:

```csv
id,severity,title,description,reference,packageName,packagePath,packageInstalledVersion,packageFixedVersion
CVE-2016-1000027,CRITICAL,spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization,"Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.",https://avd.aquasec.com/nvd/cve-2016-1000027,org.springframework:spring-web,usr/local/artifacts/spring-web-5.3.31.jar,5.3.31,6.0.0
```

XLSX export:
Screenshot of the XLSX export (Feb 22, 2024), not included in the text.

Will this break upgrades or downgrades? Has updating a running cluster been tested?:
Ideally, this should not break upgrades or downgrades, as the older GraphQL query should continue working just fine, as well as the updated query.
No, updating a running cluster has not been tested.

Does this change require updates to the CNI daemonset config files to work?:
N/A

Does this PR introduce any user-facing change?:
Yes

The package list for a given CVE is now displayed in a vertical form with a section for each affected package.
Additionally, the package path for a given CVE (if available) is also displayed. If the package path is not available, the field will indicate 'Not Specified'.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
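As an added illustration (not part of the PR or the zui code base), the snippet below consumes the CSV export in the column layout shown above: it groups rows by CVE into one entry per affected package, falls back to 'Not Specified' when packagePath is empty or absent (as in exports from before this change), and lists the findings that have a fixed version. The sample rows beyond the one quoted in the PR, and the placeholder CVE id, are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout of the zui CSV export. The first
# data row is the one quoted in the PR (description shortened); the other
# rows are constructed to exercise a missing path and a missing fix version.
SAMPLE_CSV = """\
id,severity,title,description,reference,packageName,packagePath,packageInstalledVersion,packageFixedVersion
CVE-2016-1000027,CRITICAL,spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization,"Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue, if used for Java deserialization of untrusted data.",https://avd.aquasec.com/nvd/cve-2016-1000027,org.springframework:spring-web,usr/local/artifacts/spring-web-5.3.31.jar,5.3.31,6.0.0
CVE-2016-1000027,CRITICAL,spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization,"(constructed) same CVE, second copy of the jar with no path",https://avd.aquasec.com/nvd/cve-2016-1000027,org.springframework:spring-web,,5.3.31,6.0.0
CVE-0000-00000,HIGH,(constructed) placeholder CVE,"(constructed) finding without a fixed version",https://example.invalid/cve,example:lib,opt/app/lib.jar,1.2.3,
"""

NOT_SPECIFIED = "Not Specified"  # same fallback text the UI shows


def parse_export(text):
    """Group export rows by CVE id, one entry per affected package.

    Exports from before packagePath was added simply lack the column;
    row.get() keeps them readable and falls back to 'Not Specified'.
    """
    by_cve = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        by_cve[row["id"]].append({
            "name": row["packageName"],
            "path": row.get("packagePath") or NOT_SPECIFIED,
            "installed": row["packageInstalledVersion"],
            "fixed": row["packageFixedVersion"] or None,
            "severity": row["severity"],
        })
    return dict(by_cve)


def render_sections(by_cve):
    """One text section per affected package, as the UI now stacks them."""
    lines = []
    for cve_id, pkgs in by_cve.items():
        lines.append(f"{cve_id} ({pkgs[0]['severity']})")
        for p in pkgs:
            fix = f"fixed in {p['fixed']}" if p["fixed"] else "no fix available"
            lines.append(f"  {p['name']} @ {p['path']}: {p['installed']} ({fix})")
    return "\n".join(lines)


def fixable_paths(by_cve):
    """(cve, path) pairs with a fixed version, i.e. findings an upgrade resolves."""
    return sorted((c, p["path"]) for c, pkgs in by_cve.items() for p in pkgs if p["fixed"])


if __name__ == "__main__":
    print(render_sections(parse_export(SAMPLE_CSV)))
```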

@vrajashkr (Contributor, Author)

I've kept the PR in Draft state temporarily as I'm seeing some local Unit Test failures which I'm not able to immediately figure out.

Signed-off-by: Vishwas Rajashekar <vrajashe@cisco.com>
@vrajashkr vrajashkr marked this pull request as ready for review February 26, 2024 12:18
@vrajashkr (Contributor, Author)

> I've kept the PR in Draft state temporarily as I'm seeing some local Unit Test failures which I'm not able to immediately figure out.

Fixed! I missed changing the data testId :)

There was an additional suggestion regarding whether we'd like to hide this data in mobile view. Ref: #426 (comment)

Once we're all on the same page about whether to hide it, I can probably make that change in a separate PR.


codecov bot commented Feb 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.87%. Comparing base (33524ce) to head (8fa9abc).

Additional details and impacted files
```diff
@@            Coverage Diff             @@
##             main     #428      +/-   ##
==========================================
+ Coverage   82.82%   82.87%   +0.04%     
==========================================
  Files          62       63       +1     
  Lines        1875     1880       +5     
  Branches      483      483              
==========================================
+ Hits         1553     1558       +5     
  Misses        311      311              
  Partials       11       11              
```


@vrajashkr (Contributor, Author)

Hi @raulkele, gentle bump on this PR.

Would be great to get your feedback. Thanks!

@raulkele (Collaborator)

raulkele commented Feb 28, 2024

Code looks good, only one small syntactic sugar suggestion.
Now just looking for a final decision as to which version is preferred.

@rchincha (Contributor)

Like this better than PR #426

@rchincha rchincha left a comment


lgtm

@andaaron andaaron merged commit e2367c2 into project-zot:main Feb 29, 2024
8 checks passed
andaaron added a commit to andaaron/zot that referenced this pull request Feb 29, 2024
See project-zot/zui#428 for details

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
@vrajashkr vrajashkr deleted the feat/zui-cve-pkg-section branch February 29, 2024 15:20
rchincha pushed a commit to project-zot/zot that referenced this pull request Feb 29, 2024
See project-zot/zui#428 for details

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
4 participants