project-zot / zui

UI for zot registry
Apache License 2.0

feat(cve): include PkgPath information in image cve UI list using sections and in CVE export #428

Closed vrajashkr closed 8 months ago

vrajashkr commented 8 months ago

What type of PR is this? feature

Which issue does this PR fix: Towards https://github.com/project-zot/zot/issues/2175

What does this PR do / Why do we need it: This PR displays the Package Path information for the package list for a given CVE in the vulnerabilities list. Since there is more data being displayed, this PR also brings in a change to display this information in a vertically stacked form with a separate section for each affected package.

References #426

Testing done on this change: Screenshots (six screenshots from 2024-02-26, not reproduced here)

CSV export:

id,severity,title,description,reference,packageName,packagePath,packageInstalledVersion,packageFixedVersion
CVE-2016-1000027,CRITICAL,spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization,"Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.",https://avd.aquasec.com/nvd/cve-2016-1000027,org.springframework:spring-web,usr/local/artifacts/spring-web-5.3.31.jar,5.3.31,6.0.0

XLSX export:

(XLSX export screenshot from 2024-02-22, not reproduced here)

Will this break upgrades or downgrades. Has updating a running cluster been tested?: Ideally, this should not break upgrades or downgrades as the older graphQL query should continue working just fine as well as the updated query. No, updating a running cluster has not been tested.

Does this change require updates to the CNI daemonset config files to work?: N/A

Does this PR introduce any user-facing change?: Yes

The package list for a given CVE is now displayed in a vertical form with a section for each affected package.
Additionally, the package path for a given CVE (if available) is also displayed. If the package path is not available, the field will indicate 'Not Specified'.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
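The flattening this PR describes (one entry per affected package, 'Not Specified' when the scanner reports no path, and the CSV column order shown in the export above), as an added example that is not zui's own code. The input record shape, a `packageList` array of `name`/`path`/`installedVersion`/`fixedVersion` objects, and the function names are assumptions made for this illustration:

```javascript
// Added example (not zui's own code): flatten a CVE list into the CSV layout
// used by the PR's export. Column names come from the PR's CSV sample; the
// input shape (`packageList` with name/path/installedVersion/fixedVersion)
// and the function names are assumptions for this illustration.
const CSV_COLUMNS = [
  'id', 'severity', 'title', 'description', 'reference',
  'packageName', 'packagePath', 'packageInstalledVersion', 'packageFixedVersion',
];

// Label the UI shows when the scanner reports no value for a package field.
const NOT_SPECIFIED = 'Not Specified';

// RFC 4180 style quoting: wrap a field in double quotes when it contains a
// comma, a double quote or a line break, and double any embedded quotes.
// CVE descriptions routinely contain commas, so this is what keeps the
// column count stable for every row.
function csvEscape(value) {
  const text = value == null ? '' : String(value);
  return /[",\r\n]/.test(text) ? `"${text.replace(/"/g, '""')}"` : text;
}

// One CVE may affect several packages; emit one row per package so a
// consumer can filter by path without parsing a nested field.
function cveToRows(cve) {
  const packages = cve.packageList && cve.packageList.length > 0
    ? cve.packageList
    : [{}]; // keep the CVE visible even when no package details are reported
  return packages.map((pkg) => ({
    id: cve.id,
    severity: cve.severity,
    title: cve.title,
    description: cve.description,
    reference: cve.reference,
    packageName: pkg.name || NOT_SPECIFIED,
    packagePath: pkg.path || NOT_SPECIFIED,
    packageInstalledVersion: pkg.installedVersion || NOT_SPECIFIED,
    packageFixedVersion: pkg.fixedVersion || NOT_SPECIFIED,
  }));
}

// Build the full CSV text: header line followed by one line per package row.
function exportCvesToCsv(cves) {
  const header = CSV_COLUMNS.join(',');
  const lines = cves.flatMap(cveToRows).map((row) =>
    CSV_COLUMNS.map((col) => csvEscape(row[col])).join(','));
  return [header, ...lines].join('\n');
}

// Constructed sample input modelled on the PR's CSV example; the second
// package entry deliberately omits the path to exercise the fallback label.
const SAMPLE_CVES = [
  {
    id: 'CVE-2016-1000027',
    severity: 'CRITICAL',
    title: 'spring: HttpInvokerServiceExporter readRemoteInvocation method untrusted java deserialization',
    description: 'Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required.',
    reference: 'https://avd.aquasec.com/nvd/cve-2016-1000027',
    packageList: [
      {
        name: 'org.springframework:spring-web',
        path: 'usr/local/artifacts/spring-web-5.3.31.jar',
        installedVersion: '5.3.31',
        fixedVersion: '6.0.0',
      },
      { name: 'org.springframework:spring-web', installedVersion: '5.3.31', fixedVersion: '6.0.0' },
    ],
  },
];

console.log(exportCvesToCsv(SAMPLE_CVES));
```

Running the block prints a header plus two rows for the single CVE: the first carries the jar path, the second carries 'Not Specified' in the packagePath column, and the description is quoted because it contains commas.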

vrajashkr commented 8 months ago

I've kept the PR in Draft state temporarily as I'm seeing some local Unit Test failures which I'm not able to immediately figure out.

vrajashkr commented 8 months ago

Fixed! I missed changing the data testId :)

There was an additional suggestion regarding whether we'd like to hide this data in mobile view. Ref: https://github.com/project-zot/zui/pull/426#issuecomment-1961070897

Once we're all on the same page about whether to hide it, I can probably make that change in a separate PR.

codecov[bot] commented 8 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 82.87%. Comparing base (33524ce) to head (8fa9abc).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #428      +/-   ##
==========================================
+ Coverage   82.82%   82.87%   +0.04%
==========================================
  Files          62       63       +1
  Lines        1875     1880       +5
  Branches      483      483
==========================================
+ Hits         1553     1558       +5
  Misses        311      311
  Partials       11       11
```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

vrajashkr commented 8 months ago

Hi @raulkele, gentle bump on this PR.

Would be great to get your feedback. Thanks!

raulkele commented 8 months ago

Code looks good, only one small syntactic sugar suggestion. Now just looking for a final decision as to which version is preferred.

rchincha commented 8 months ago

Like this better than PR #426