[WIP]Add cvrf parser and import opensuse cvrf advisories

[sbs2001]

The cvrf parser is obtained by forking https://github.com/oasis-open/csaf-parser and trimming it down .

TODOs:

• Trim the parser further. This includes removing the cli funtionality of parser entirely,rather than giving it fixed inputs and removing support for other schemas.

• Handle the licensing. Should I add LICENSE from https://github.com/oasis-open/csaf-parser/blob/master/LICENSE to the parser directory or do something else? , @pombredanne help please

• Tests! Here is some sample data which was successfully dumped in db.

sampledata.zip

I also tried this parser to get data from Red hat's cvrfs and it works, but that's not in the scope of this PR for now.

Fixes #62, addresses #44 and #41

[sbs2001]

https://colab.research.google.com/drive/1eLKwA5oe6pfCtKBqP672AQmWITmAKG9s here's google colab notebook to see the importer running

[sbs2001]

I've realized that OVAL advisories are better than CVRF advisories, because of following reason

OVAL advisories have a concrete way of denoting a package's name and it's version. On the other hand CVRF advisories publish package with it's name and version in one string. So we have to do some guesswork(which no matter how accurate, is bad) to figure out what is package name and what is package version.

I would rather prefer to import data from SUSE OVAL advisory than CVRF advisories. I'll leave this open in case we might need to handle CVRF advsiories(in case no other formats are available)