Add support for collecting GitHub/GitLab vulnerability-related issues and pull requests

[ziadhany]

• issue: fedcode-next: Extract fix commits from pull requests and issues body or comments in search for CVE-related messages #2002
• See also: Process unstructured data sources, such as issues #251

[ziadhany]

The list of repositories we support collecting vulnerability-related issues and pull requests from:

• https://github.com/mirror/busybox
• https://github.com/nginx/nginx
• https://github.com/apache/tomcat
• https://github.com/mongodb/mongo
• https://github.com/redis/redis
• https://github.com/php/php-src
• https://github.com/python/cpython
• https://github.com/ruby/ruby
• https://github.com/golang/go
• https://github.com/nodejs/node
• https://github.com/rust-lang/rust
• https://github.com/openjdk/jdk
• https://github.com/swiftlang/swift
• https://github.com/django/django
• https://github.com/rails/rails
• https://github.com/laravel/framework
• https://github.com/spring-projects/spring-framework
• https://github.com/facebook/react
• https://github.com/angular/angular
• https://github.com/moby/moby
• https://github.com/kubernetes/kubernetes
• https://github.com/containerd/containerd
• https://github.com/ansible/ansible
• https://github.com/hashicorp/terraform
• https://github.com/the-tcpdump-group/tcpdump
• https://github.com/jenkinsci/jenkins
• https://gitlab.com/gitlab-org/gitlab-foss
• https://gitlab.com/wireshark/wireshark
• https://gitlab.com/qemu-project/qemu

[keshav-space]

Thanks @ziadhany, let's move these pipeline here https://github.com/aboutcode-data/vulnerablecode-vcs-collector similar to how we do in https://github.com/aboutcode-org/aboutcode-mirror-nuget-catalog. We can store the list CVE, vcs_url, refrence in a json file per project. And VulnerableCode should have single importer pipeline to import these from there. We will do the same for our existing fix commit collection pipeline those will also moved to github workflow pipeline.