bisdn / bisdn-linux


include a list of fixed CVEs in changelogs #93

Closed KanjiMonster closed 8 months ago

KanjiMonster commented 8 months ago

Add a new flag for calculating fixed CVEs between two versions, and use this for the changelog for new releases.

This works by getting open CVEs for each package included in the image, then comparing the lists.

Creates output like this:

  Fixed CVEs:
  c-ares:
    CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

  dbus:
    CVE-2023-34969

  docker-ce:
    CVE-2023-28840 CVE-2023-28841 CVE-2023-28842

Be aware that the check is rather slow due to rate limiting by the CVE database.

The CVE lists are generated based on the known CVEs at changelog generation, not time of the release, so they are not "reproducible".

As an addition, slightly extend the example config with a section explaining how to enable CVE checking for the build.
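Added example (not code from this PR or from bisdn-linux) of the comparison described above: it reads two reports in the shape of Yocto's cve-check JSON output, keeps the CVEs marked Unpatched per package, subtracts the new image's open set from the old one, and renders the "Fixed CVEs:" layout shown. The sample reports are constructed and reuse only the CVE ids quoted in this PR; the JSON field names (`package`, `name`, `issue`, `id`, `status`) follow Yocto's cve-check output as I know it and are an assumption.

```python
import json
from typing import Dict, Set

# Constructed sample reports in the shape of Yocto cve-check's JSON output
# (a "package" list whose entries carry an "issue" list with "id" and "status").
OLD_REPORT = json.dumps({"version": "1", "package": [
    {"name": "c-ares", "issue": [
        {"id": "CVE-2023-31124", "status": "Unpatched"},
        {"id": "CVE-2023-31130", "status": "Unpatched"}]},
    {"name": "dbus", "issue": [
        {"id": "CVE-2023-34969", "status": "Unpatched"}]},
    {"name": "docker-ce", "issue": [
        {"id": "CVE-2023-28840", "status": "Unpatched"},
        {"id": "CVE-2023-28841", "status": "Unpatched"}]}]})
NEW_REPORT = json.dumps({"version": "1", "package": [
    {"name": "c-ares", "issue": [
        {"id": "CVE-2023-31124", "status": "Patched"},
        {"id": "CVE-2023-31130", "status": "Patched"}]},
    {"name": "dbus", "issue": [
        {"id": "CVE-2023-34969", "status": "Patched"}]},
    {"name": "docker-ce", "issue": [
        {"id": "CVE-2023-28840", "status": "Unpatched"},
        {"id": "CVE-2023-28841", "status": "Ignored"}]}]})

def open_cves(report_json: str) -> Dict[str, Set[str]]:
    """Map each package to the CVEs still reported as Unpatched in one report."""
    result: Dict[str, Set[str]] = {}
    for pkg in json.loads(report_json).get("package", []):
        result.setdefault(pkg["name"], set()).update(
            issue["id"] for issue in pkg.get("issue", [])
            if issue.get("status") == "Unpatched")
    return result

def fixed_cves(old_json: str, new_json: str) -> Dict[str, Set[str]]:
    """CVEs open in the old image but no longer open in the new one, per package.
    Only the open sets are diffed, so a CVE marked Ignored in the new report also
    shows up as fixed. A package absent from the new image is skipped."""
    old, new = open_cves(old_json), open_cves(new_json)
    return {name: cves - new[name] for name, cves in old.items()
            if name in new and cves - new[name]}

def format_changelog(fixed: Dict[str, Set[str]]) -> str:
    """Render the per-package result in the changelog's 'Fixed CVEs:' layout."""
    if not fixed:
        return ""
    lines = ["Fixed CVEs:"]
    for name in sorted(fixed):
        lines += [f"{name}:", "  " + " ".join(sorted(fixed[name])), ""]
    return "\n".join(lines).rstrip("\n")
```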

KanjiMonster commented 8 months ago

Added a snippet to the example config, and added an example entry for the JSON file generated by Yocto.