[+] add CVE module: arch tracker, NVD, OSV backends with unified types and ORM
1. add apps/cve/ with unified types (cve_entry_t, cve_severity_t, cve_status_t);
2. backend-specific pydantic models in arch_tracker_types.py, nvd_types.py, osv_types.py;
3. abstract cve_backend_t with estimate_sync (HTTP HEAD) and sync interfaces;
4. arch_tracker backend: fetches /issues/all.json, pydantic validate_json from stream;
5. nvd backend: paginated, rate-limited, date range chunking (120-day max), optional API key;
6. osv backend: batch query API, Debian ecosystem proxy, query_packages() for explicit lists;
7. cve_db_t ORM module: cve_entries, cve_details (JSON blob), cve_sync_meta tables;
8. all db queries return pydantic-validated lists via TypeAdapter;
9. checker.py: check packages against cached CVEs using vercmp version comparison;
10. heuristics.py: normalize product names, known alias table, exact/normalized matching;
11. test_cve.py: 37 tests covering type parsing (real samples), db CRUD, checker logic, heuristics;
LLM
da86659b67