trustification / trustify

Apache License 2.0

Add migrations for status and package assertion. #343

Closed bobmcwhirter closed 1 month ago

bobmcwhirter commented 2 months ago

This PR re-works all of the assertions stuff by primarily...

- removing the old table-per-assertion crap that didn't work.
- adding version-range table (with associated version-scheme [semver, maven, pypi, etc])
- adding a status table to avoid hard-coding and allow expansion in the future.

Currently surfaced through ingesting advisories to create rows in the tables. And then pulled out for only /api/v1/package/{uuid} currently while we evaluate the shape of the DTOs.

Will definitely expand where package status can appear later (package, package-version, advisory, etc...)

But the plumbing is in place.

ALSO

This removes quite a few of the read-side operations from Graph as they shouldn't be there.

bobmcwhirter commented 1 month ago

@ctron tests stripped down because they were... the wrong tests? bad tests? Basically they were relying on a lot of read-centric operations on Graph that shouldn't be there.

Ultimately, I think we need to probably go about testing ingestors differently, to ensure ingested data is as-expected, probably from the fundamental side of the stick.

bobmcwhirter commented 1 month ago

@jcrossley3 adjusted migrations in this PR to be completely self-contained, not importing enums from others.

Also made their enums private to avoid escapage.