[feature] CVE support on conandata.yml #8356

Closed
uilianries opened this issue Jan 18, 2021 · 1 comment
@uilianries (Member)

Hi!

CVE is a list of records (each containing an identification number, a description, and at least one public reference) for publicly known cybersecurity vulnerabilities, which can point to C/C++ libraries too (OpenSSL for instance).

As Conan Center Index supports multiple versions for the same package and customers are not forced to update their copies, it would be great to warn them about security flaws on old versions as advice.

Conan is a package manager, not a security scanner, so we could add a section on conandata.yml which would print a warning about that flaw, instead of scanning errors.

For instance:

    sources:
      1.1.1h:
        sha256: 5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9
        url: "https://www.openssl.org/source/openssl-1.1.1h.tar.gz"
    cve:
      1.1.1h:
        - 2020-1971

    conan install openssl/1.1.1h@
    WARN: openssl/1.1.1h@ has security vulnerabilities: CVE-2020-1971

or

    conan install openssl/1.1.1h@
    WARN: openssl/1.1.1h@ has security vulnerabilities:
    - CVE-2020-1971: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
    - ...

Related to #3263
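As an added illustration of the proposal (not Conan's code, and not something the project implemented), the snippet below reads a `cve:` section shaped like the one above and builds the longer warning format from the second example. The `CONANDATA` dict is a constructed stand-in for what `yaml.safe_load()` would return from a real conandata.yml; the function names `normalize_cve_id` and `warning_lines` are assumptions of this example.

```python
"""Added example: emit the proposed CVE warning from a conandata.yml `cve:` section.

This is illustrative code, not part of Conan. In a real client the dict below would
come from yaml.safe_load(open("conandata.yml")) (PyYAML is assumed for that step).
"""

# Constructed sample data, mirroring the YAML in the proposal.
# Note for real conandata.yml files: quote version keys such as "1.10", otherwise
# YAML parses them as floats and the lookup by version string silently misses.
CONANDATA = {
    "sources": {
        "1.1.1h": {
            "sha256": "5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9",
            "url": "https://www.openssl.org/source/openssl-1.1.1h.tar.gz",
        },
        # A second version with no recorded CVEs, to exercise the "clean" path.
        "1.1.1i": {
            "sha256": "<constructed placeholder, not a real digest>",
            "url": "https://www.openssl.org/source/openssl-1.1.1i.tar.gz",
        },
    },
    "cve": {
        "1.1.1h": ["2020-1971"],
    },
}

# Reference URL format used in the issue's second example.
CVE_URL = "https://cve.mitre.org/cgi-bin/cvename.cgi?name={}"


def normalize_cve_id(raw):
    """Accept '2020-1971', 'CVE-2020-1971' or 'cve-2020-1971' and return 'CVE-2020-1971'."""
    text = str(raw).strip()
    if text.upper().startswith("CVE-"):
        text = text[4:]
    return "CVE-" + text


def warning_lines(conandata, name, version):
    """Return the warning lines for name/version, or [] when no CVE is recorded.

    A missing `cve:` section or a version without entries is not an error: the
    package simply installs without a warning, as the proposal describes.
    """
    entries = conandata.get("cve", {}).get(version) or []
    cve_ids = [normalize_cve_id(entry) for entry in entries]
    if not cve_ids:
        return []
    lines = ["WARN: {}/{}@ has security vulnerabilities:".format(name, version)]
    for cve_id in cve_ids:
        lines.append("- {}: {}".format(cve_id, CVE_URL.format(cve_id)))
    return lines


if __name__ == "__main__":
    # Simulates what `conan install openssl/1.1.1h@` would print under the proposal.
    for line in warning_lines(CONANDATA, "openssl", "1.1.1h"):
        print(line)
    # Nothing is printed for a version without recorded CVEs.
    for line in warning_lines(CONANDATA, "openssl", "1.1.1i"):
        print(line)
```

The check is a pure lookup keyed on the exact version string, which is the crux of the follow-up objection in this thread: the data has to be maintained by hand per version, and nothing here discovers a CVE that was never written into the file.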

@uilianries (Member Author)

Analyzing again, this feature is not functional.

  • First we would need to add each CVE's data manually.
  • We would need to re-build each package, otherwise it won't be possible to print that warning.
