Expose CPE information in more places.

[captn3m0]

https://repology.org/security/recent-cpes seems to be the only page that exposes CPE information currently. It would be nice if CPE information was included in other places:

1. /project/:project/information could include it.
2. /api/v1/project/:project, but unsure how it would work against various packages.
3. /all-cpes or something of the sort, with a machine-readable version (/all-cpes.txt) would be great to have.

Use-case: We track repology identifiers at endoflife.date, and while we can use the API to correlate the repology project names with all the various packages (and correspondingly PURLs), we can't do the same for CPEs.

[AMDmi3]

I don't think it's a good idea. Consider that CPE bindings are only used internally, only for NVD integration, only for subset projects with known CVEs. NVD per se dictates our CPE bindings, as a result these are broken and unreliable. Not only it's normal to have multiple bindings for a single project, but also due to political reasons NVD avoids to use CPE vendor field for an actual vendor, so it's also normal to have vendors like {foo}_project, and that makes bindings ambiguous in addition to being excessive.