feat(cmd): add source and image subcommands to scan #1519

Merged
merged 21 commits into from
Jan 24, 2025

Conversation

@hogo6002 (Contributor) commented Jan 21, 2025

This change does not break any existing behaviour.

  • Creates source and image subcommands for scan.
  • Inserts source as the default subcommand if none is provided.
  • Removes the experimental-oci-image flag and its tests.
  • Adds a feedback link to HTML output

For project scanning, users can use the following commands:

  • osv-scanner <file_name>
  • osv-scanner scan <file_name>
  • osv-scanner scan source <file_name>

For docker scanning, users can use the following commands:

  • osv-scanner scan image <docker_image>
  • osv-scanner scan image --archive <docker_image.tar>

Help command:

NAME:
  osv-scanner - scans various mediums for dependencies and checks them against the OSV database

USAGE:
  osv-scanner [global options] command [command options]

EXAMPLES:
  # Scan a source directory
  $ osv-scanner scan source -r <source_directory>

  # Scan a container image
  $ osv-scanner scan image <image_name>

  # Scan a local image archive (e.g. a tar file) and generate HTML output
  $ osv-scanner scan image --serve --archive <image_name.tar>

  # Fix vulnerabilities in a manifest file and lockfile (non-interactive mode)
  $ osv-scanner fix --non-interactive -M <manifest_file> -L <lockfile>

  For full usage details, please refer to the help command of each subcommand (e.g. osv-scanner scan --help).

VERSION:
  1.9.1

COMMANDS:
  scan     scans projects and container images for dependencies, and checks them against the OSV database.
  fix      [EXPERIMENTAL] scans a manifest and/or lockfile for vulnerabilities and suggests changes for remediating them
  help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
  --help, -h     show help
  --version, -v  print the version
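The default-subcommand rule described in this PR (a bare target is routed to `scan source`, while `scan image`, `fix` and the global flags are left alone) is illustrated below as an added example. This is hypothetical Go written for this page, not osv-scanner's own implementation: the `insertDefaultSubcommand` name, the command and flag tables, and the rule that any unrecognised first argument is a source target are assumptions drawn from the invocations listed above.

```go
package main

import (
	"fmt"
	"os"
	"slices"
)

// Assumed command layout, taken from the PR description and help text above.
// These tables are this example's own; the real CLI builds them from its
// command definitions.
var topLevelCommands = []string{"scan", "fix", "help", "h"}
var scanSubcommands = []string{"source", "image"}
var globalFlags = []string{"--help", "-h", "--version", "-v"}

// isHelp reports whether a token is a request for help at the scan level,
// which must not be shadowed by an inserted "source".
func isHelp(s string) bool {
	return s == "help" || s == "h" || s == "--help" || s == "-h"
}

// insertDefaultSubcommand rewrites argv so that
//   osv-scanner <file>      -> osv-scanner scan source <file>
//   osv-scanner scan <file> -> osv-scanner scan source <file>
// while leaving explicit subcommands, other commands and global flags
// untouched. It returns a new slice and never mutates its input.
func insertDefaultSubcommand(args []string) []string {
	out := slices.Clone(args)
	if len(out) < 2 { // only the program name: nothing to route
		return out
	}
	first := out[1]
	switch {
	case slices.Contains(globalFlags, first):
		// --help / --version belong to the root command.
		return out
	case first == "scan":
		// An explicit subcommand or a scan-level help request stays as-is;
		// anything else (a path, or a flag meant for source) gets "source"
		// inserted in front of it. Index 2 == len(out) is valid for Insert.
		if len(out) > 2 && (slices.Contains(scanSubcommands, out[2]) || isHelp(out[2])) {
			return out
		}
		return slices.Insert(out, 2, "source")
	case slices.Contains(topLevelCommands, first):
		// fix, help, h: not a scan at all.
		return out
	default:
		// Not a command and not a global flag: treat it as a source target.
		return slices.Insert(out, 1, "scan", "source")
	}
}

func main() {
	// Constructed demo input when run with no arguments; real use passes os.Args.
	args := os.Args
	if len(args) < 2 {
		args = []string{"osv-scanner", "./path/to/project"}
	}
	fmt.Println(insertDefaultSubcommand(args))
}
```

Because the rewrite happens before the argument parser runs, every token that is not in one of the explicit tables becomes a scan target; keeping those tables explicit is what stops `--help`, `fix` or `scan image` from being misrouted into a source scan.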

@codecov-commenter commented Jan 21, 2025

Codecov Report

Attention: Patch coverage is 61.09422% with 128 lines in your changes missing coverage. Please review.

Project coverage is 68.96%. Comparing base (905d53b) to head (f2ea2c0).
Report is 4 commits behind head on main.

Files with missing lines                    Patch %   Lines
cmd/osv-scanner/scan/source/main.go          61.11%   37 missing and 12 partials
cmd/osv-scanner/scan/image/main.go           48.00%   31 missing and 8 partials
cmd/osv-scanner/internal/helper/helper.go    21.42%   31 missing and 2 partials
cmd/osv-scanner/main.go                      94.02%   3 missing and 1 partial
pkg/osvscanner/osvscanner.go                 25.00%   2 missing and 1 partial
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1519      +/-   ##
==========================================
- Coverage   69.08%   68.96%   -0.13%     
==========================================
  Files         197      200       +3     
  Lines       18864    18959      +95     
==========================================
+ Hits        13033    13075      +42     
- Misses       5129     5164      +35     
- Partials      702      720      +18     


@another-rex (Collaborator) commented

Let's update the osv-scanner scan docker to the original version, where we only pull images (or check existing images) in the docker engine, and have local tar files be used if you specify the --archive flag.

@hogo6002 hogo6002 requested a review from oliverchang January 23, 2025 02:29
@hogo6002 hogo6002 requested a review from oliverchang January 23, 2025 04:35
@hogo6002 hogo6002 changed the title from "feat(cmd): add project and docker subcommands to scan" to "feat(cmd): add source and image subcommands to scan" Jan 23, 2025
@another-rex (Collaborator) left a comment

Just some minor comments, otherwise this looks good!

@hogo6002 hogo6002 requested a review from another-rex January 24, 2025 01:28
@hogo6002 hogo6002 enabled auto-merge (squash) January 24, 2025 02:25
@hogo6002 hogo6002 merged commit 0e88d4f into google:main Jan 24, 2025
13 checks passed
@hogo6002 hogo6002 deleted the docker_command branch January 30, 2025 00:25