google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0

Improve the UX of failed vulnerability retrieval by the API #2235

Open andrewpollock opened 5 months ago

andrewpollock commented 5 months ago

Describe the bug

Users try to retrieve a vulnerability (typically a CVE) by the API that the web interface reports as an alias of another vulnerability, and that retrieval fails because the CVE record does not exist in OSV.dev.

To Reproduce

Steps to reproduce the behaviour:

  1. View a vulnerability record on OSV.dev with an (unlinked) alias to a CVE
  2. Attempt to retrieve that CVE via the API
  3. Get a 404/Bug not found response from the API

Expected behaviour

The user receives some pointers to documentation to assist with interpreting the search failure.

My initial thoughts:

Screenshots

Contrived example:

$ GET -s https://api.osv.dev/v1/vulns/CVE-2025-0001
404 Not Found
{"code":5,"message":"Bug not found."}

github-actions[bot] commented 3 months ago

This issue has not had any activity for 60 days and will be automatically closed in two weeks.