trustification / trustify

Apache License 2.0

GET /api/v1/package/{uuid} fails with some packages #466

Open carlosthe19916 opened 6 days ago

carlosthe19916 commented 6 days ago

Steps to reproduce:

{
    "error": "Database error",
    "message": "Query Error: error returned from database: invalid input syntax for type numeric: \"sha256:f579ee538e6f4bfa4d9c20bf2680d7fc3ec7a757a40637a743b7962187b4d6a1\""
}

https://github.com/trustification/trustify/assets/2582866/6e1012b5-f0e1-43a8-b1d0-9eb1284b4044

Hint: it seems to happen with packages whose versions are something like sha256:cfb31631b19c2e9d2ef28bac6d4471c97e79976b0c9590032cf0206bfcd3e4f3; on the other hand, packages with versions like 1.2.3 work fine

ctron commented 6 days ago

This looks like a mix of data types. "Packages" is most like "PURLs" (which we still label incorrectly). Actual packages have an ID which is a UUID (because we use UUIDs in many cases internally).

What looks like a "package version" here is, most likely, actually the "version" component of a "PURL" from a container. Same format, but unknown to our system.

The endpoint /api/v1/package/{uuid} does NOT work with packages, but with PURLs. The UUID is just accidentally a UUID, that should just be an "ID" field (which happens to be a UUID, but that's an implementation detail).