Support CVE ID assignment using CVE Program services

[zmanion]

VINCE should support CVE ID assignment, including pool management for a CNA, using the developing CVE Program services (e.g., authentication and IDR).

https://github.com/CVEProject/cve-services/wiki/Developer-Guide-to-CVE-Services-API

https://github.com/RedHatProductSecurity/cvelib

[zmanion]

Note: VINCE currently can generate CVE JSON, a future request will be to integrate CVE ID submission to whatever appropriate service, which may or may not be the IDR.

[zmanion]

Probably use this, which currently supports some user/org management and CVE ID management and requests (but not yet submitting CVE IDs, which the services don't support yet either).

https://github.com/RedHatProductSecurity/cvelib

[zmanion]

Possibly sub-issues:

1. Manage CNA/organization and users, API keys
2. Request CVE IDs, probably in the vulnerability UI in a case
3. Track/report/manage requested and assigned CVE IDs
4. Publish/post/submit CVE IDs, probably in or near the vulnerability note UI, but independent of publishing the vulnerability note

4 will require collecting and verifying minimum required information for a valid CVE entry. Description can come from existing vulnerability description field.