google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.01k stars 337 forks

Start on override strategy for maven guided remediation #1025

Open michaelkedar opened 3 weeks ago

michaelkedar commented 3 weeks ago

Very much a WIP.

Start on a new 'override' remediation strategy for guided remediation for maven, intending to remediate by forcing the use of non-vulnerable versions by dependencyManagement.

This is just the logic to identify possible override patches by searching for the first non-vulnerable version of an affected package.

Things I still need to do/think about:
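
The search the comment describes, as an added example that is not osv-scanner's own code: given OSV-style introduced/fixed ranges for a Maven artifact and the versions published for it, pick the lowest non-vulnerable version that is not below the currently resolved one, which is what a dependencyManagement override would then pin. The numeric-only version ordering is a simplification assumed for illustration (real Maven ordering also handles qualifiers), and the ranges and version lists used in the test are constructed.

```go
package main

import (
	"sort"
	"strconv"
	"strings"
)

// Event is one OSV "ECOSYSTEM" range pair: introduced version and fixed version ("" = no fix yet).
type Event struct{ Introduced, Fixed string }

// compareVersions orders dotted-numeric versions by the sign of its result (Maven qualifiers ignored).
func compareVersions(a, b string) int {
	as, bs := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(as) || i < len(bs); i++ {
		x, y := 0, 0
		if i < len(as) {
			x, _ = strconv.Atoi(as[i])
		}
		if i < len(bs) {
			y, _ = strconv.Atoi(bs[i])
		}
		if x != y {
			return x - y
		}
	}
	return 0
}

// isVulnerable reports whether v lies inside any [introduced, fixed) range.
func isVulnerable(v string, ranges []Event) bool {
	for _, r := range ranges {
		if compareVersions(v, r.Introduced) >= 0 && (r.Fixed == "" || compareVersions(v, r.Fixed) < 0) {
			return true
		}
	}
	return false
}

// firstNonVulnerable returns the lowest available version at or above the resolved one that no
// range covers, i.e. the version a dependencyManagement override would pin, or "" if none exists.
func firstNonVulnerable(current string, available []string, ranges []Event) string {
	sort.Slice(available, func(i, j int) bool { return compareVersions(available[i], available[j]) < 0 }) // sorts in place
	for _, v := range available {
		if compareVersions(v, current) >= 0 && !isVulnerable(v, ranges) {
			return v
		}
	}
	return ""
}
```

Overlapping advisories are handled by the per-range check, so a version that escapes one advisory but is still inside another is skipped.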

codecov-commenter commented 3 weeks ago

Codecov Report

Attention: Patch coverage is 80.87649% with 48 lines in your changes missing coverage. Please review.

Project coverage is 65.65%. Comparing base (e619fcc) to head (0f71e37).

| Files | Patch % | Lines |
|---|---|---|
| internal/remediation/override.go | 86.32% | 20 Missing and 9 partials |
| internal/remediation/remediation.go | 44.44% | 10 Missing |
| cmd/osv-scanner/fix/noninteractive.go | 0.00% | 4 Missing and 2 partials |
| cmd/osv-scanner/fix/interactive.go | 0.00% | 3 Missing |
Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1025      +/-   ##
==========================================
+ Coverage   65.32%   65.65%   +0.33%
==========================================
  Files         150      151       +1
  Lines       12529    12773     +244
==========================================
+ Hits         8184     8386     +202
- Misses       3884     3916      +32
- Partials      461      471      +10
```
