Add advisory-based VCIO API support with backward-compatible normalization layer

[dikshaa2909]

Summary

Addresses #2002

Add support for advisory-based VCIO API responses while preserving compatibility with the existing vulnerability-based model.

Changes

• Introduced extract_security_entries() to centralize security entry handling.
• Added normalize_advisories() to map affected_by_advisories into the existing vulnerability-compatible structure.
• Preserved current affected_by_vulnerabilities behavior (no schema changes).
• Added tests covering:
  • Advisory-based responses
  • Backward compatibility
  • Unexpected/empty API responses

Migration Strategy

The VCIO API is migrating from vulnerabilities to advisories.
This PR adds a minimal normalization layer to support both formats without requiring model, template, or database changes.

This enables phased migration while keeping the integration stable and backward compatible.

[dikshaa2909]

Hi @TG1999 could you please review this PR when you get a chance? Thank you!

[dikshaa2909]

Hi @tdruez @pombredanne @TG1999 can u pls review it when u have time ! Thanks !

[AyanSinhaMahapatra]

This PR doesn't change the majority of the code in https://github.com/aboutcode-org/scancode.io/blob/main/scanpipe/pipes/vulnerablecode.py which uses the old API to get vulnerabilities data, but just performs a very basic data normalization, instead of using the new API/data and refactoring all the changes required.

This is a large, complex task and @dikshaa2909 please do not submit PRs which are spam/low effort/vibe coded, without even running/passing the tests locally, as this wastes the maintainers time. This also negatively affects getting selected into GSoC.

Closing!

[dikshaa2909]

@AyanSinhaMahapatra
Thanks for the feedback and for reviewing the PR. Apologies for the noise caused. I understand the concern and will take more time to review the existing implementation and ensure tests pass locally before submitting future PRs. Appreciate the guidance.