feat(oracle): add flavors support

[DmitriyLewen]

Description

Add flavors (fips, ksplice, etc. versions) for Oracle Linux.
Trivy doesn't need to check version with different flavors.
See #1967 (comment) for more details.

Example of Trivy work:
before:

➜  trivy git:(feat/ol-flavors) ✗ trivy -q image oraclelinux:8 

oraclelinux:8 (oracle 8.10)

Total: 7 (UNKNOWN: 0, LOW: 0, MEDIUM: 6, HIGH: 1, CRITICAL: 0)

┌───────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────┬─────────────────────────────────────────────────────────────┐
│  Library  │ Vulnerability  │ Severity │ Status │ Installed Version │      Fixed Version       │                            Title                            │
├───────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────┼─────────────────────────────────────────────────────────────┤
│ gnutls    │ CVE-2021-20231 │ MEDIUM   │ fixed  │ 3.6.16-8.el8_9.3  │ 10:3.6.16-4.0.1.el8_fips │ gnutls: Use after free in client key_share extension        │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2021-20231                  │
│           ├────────────────┤          │        │                   │                          ├─────────────────────────────────────────────────────────────┤
│           │ CVE-2021-20232 │          │        │                   │                          │ gnutls: Use after free in client_send_params in             │
│           │                │          │        │                   │                          │ lib/ext/pre_shared_key.c                                    │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2021-20232                  │
│           ├────────────────┤          │        │                   │                          ├─────────────────────────────────────────────────────────────┤
│           │ CVE-2021-3580  │          │        │                   │                          │ nettle: Remote crash in RSA decryption via manipulated      │
│           │                │          │        │                   │                          │ ciphertext                                                  │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2021-3580                   │
│           ├────────────────┤          │        │                   ├──────────────────────────┼─────────────────────────────────────────────────────────────┤
│           │ CVE-2024-0553  │          │        │                   │ 10:3.6.16-8.el8_9.1_fips │ gnutls: incomplete fix for CVE-2023-5981                    │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2024-0553                   │
│           ├────────────────┤          │        │                   ├──────────────────────────┼─────────────────────────────────────────────────────────────┤
│           │ CVE-2024-28834 │          │        │                   │ 10:3.6.16-8.el8_9.3_fips │ gnutls: vulnerable to Minerva side-channel information leak │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2024-28834                  │
├───────────┼────────────────┼──────────┤        ├───────────────────┼──────────────────────────┼─────────────────────────────────────────────────────────────┤
│ libgcrypt │ CVE-2021-40528 │ HIGH     │        │ 1.8.5-7.el8_6     │ 10:1.8.5-7.el8_6_fips    │ libgcrypt: ElGamal implementation allows plaintext recovery │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2021-40528                  │
│           ├────────────────┼──────────┤        │                   ├──────────────────────────┼─────────────────────────────────────────────────────────────┤
│           │ CVE-2021-33560 │ MEDIUM   │        │                   │ 10:1.8.5-6.el8_fips      │ libgcrypt: mishandles ElGamal encryption because it lacks   │
│           │                │          │        │                   │                          │ exponent blinding to address a...                           │
│           │                │          │        │                   │                          │ https://avd.aquasec.com/nvd/cve-2021-33560                  │
└───────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────┴─────────────────────────────────────────────────────────────┘

after:

➜  trivy git:(feat/ol-flavors) ✗ ./trivy -q image oraclelinux:8

oraclelinux:8 (oracle 8.10)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

Related issues

• Close False Positives being reported from Trivy 0.24.2 - oraclelinux:8 image #1967

Related PRs

• fix(oracle-oval): Support multiple ELSAs per CVE trivy-db#221

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).