rhel(oval): support unfixed OpenShift 4 vulnerabilities

[RTann]

The OVAL v2 feeds specifies the next, unreleased version of OpenShift 4 for unfixed OpenShift 4 vulnerabilities. It is meant to indicate each version, y, of OpenShift 4, 4.0 <= y <= 4.x, is affected, where x is the next, unreleased version of OpenShift 4.

ClairCore expects the CPEs to only specify the exact version(s) which is/are affected, as it performs exact matches on the CPEs when matching vulnerabilities. This PR creates clones of the vulnerability for each OpenShift 4 CPE, 4.0 <= y <= 4.x, which is affected by the vulnerability so ClairCore may continue to perform its exact matching on CPEs.

[codecov]

Codecov Report

Attention: 22 lines in your changes are missing coverage. Please review.

Comparison is base (25d5e29) 52.04% compared to head (d57da19) 52.11%.

Files	Patch %	Lines
rhel/parser.go	62.71%	19 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1163      +/-   ##
==========================================
+ Coverage   52.04%   52.11%   +0.07%     
==========================================
  Files         220      220              
  Lines       16839    16892      +53     
==========================================
+ Hits         8764     8804      +40     
- Misses       7264     7276      +12     
- Partials      811      812       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[RTann]

This will be closed in favor of supporting this with VEX files in the future