Bring forward status assertions to package-versions.

[bobmcwhirter]

Also, bring towards Vulnerability details, including stanzas akin to Note: the set of possible statuses is unbound, but may include at least some intrinsic ones, such as "affected", "not_affected", and "fixed".

Versions are denoted as one of:

• A singular version without delimiters.
• A range, using [ and ] to denote inclusive and ( and ) as exclusive.
  • These can be mixed within a single range, to indicate that the range is half-open, possibly. (Inclusive of the low side, but exclusive to the high side)
• For any range, low or high may be absent, indicating unbounded/infinite.
• If no versions are provided, a * is provided, indicating all versions are represented by that status.

      "statuses": {
        "affected": [
          {
            "package": {
              "uuid": "9adb7324-89b7-5fe0-a556-23218e39ebf3",
              "purl": "pkg://cargo/hyper"
            },
            "version": "[0.0.0-0,0.14.10)"
          }
        ],
        "fixed": [
          {
            "package": {
              "uuid": "9adb7324-89b7-5fe0-a556-23218e39ebf3",
              "purl": "pkg://cargo/hyper"
            },
            "version": "0.14.10"
          }
        ]
      }
    },