vulnera
Implement OSV in the classical Scanner workflow
Add a new strategy / set of APIs to support the new OpenSSF project OSV: https://osv.dev/
Also see the official GitHub repository: https://github.com/ossf/malicious-packages
The API has been added in #216. The big question now is how we can use it in a normal workflow when running a strategy like NPM Audit and then also want to assert all packages using the OSV database.
We probably need to get a list of packages using Arborist and then batch a request to OSV (launching too many requests could be a big problem too).
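One way the batching step could look, as an added example that is not vulnera's own code: it takes a list of `{ name, version }` pairs (assumed to come from the Arborist tree), deduplicates them, and sends them to OSV's `POST /v1/querybatch` endpoint one batch at a time. The function names and the `post` option are hypothetical, and the default batch size of 1000 is an assumption to check against the OSV API documentation.

```javascript
// Added example, hypothetical helper names; needs Node.js 18+ for global fetch.
const OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch";

// Deduplicate name@version pairs so each one is queried only once.
function uniquePackages(packages) {
  const seen = new Map();
  for (const { name, version } of packages) {
    seen.set(`${name}@${version}`, { name, version });
  }
  return [...seen.values()];
}

// Split the list into querybatch payloads of at most `size` queries each.
function buildBatches(packages, size = 1000) {
  const toQuery = ({ name, version }) => ({ package: { name, ecosystem: "npm" }, version });
  const batches = [];
  for (let i = 0; i < packages.length; i += size) {
    batches.push({ queries: packages.slice(i, i + size).map(toQuery) });
  }
  return batches;
}

// Send batches sequentially (one request in flight at a time) and map each
// result back to its "name@version". `post` is injectable for offline tests.
async function scanWithOSV(packages, { size = 1000, post = postJSON } = {}) {
  const unique = uniquePackages(packages);
  const findings = {};
  let offset = 0;
  for (const batch of buildBatches(unique, size)) {
    const { results = [] } = await post(OSV_BATCH_URL, batch);
    results.forEach((result, i) => {
      // OSV returns results in the same order as the queries that were sent.
      const ids = (result.vulns ?? []).map((vuln) => vuln.id);
      const { name, version } = unique[offset + i];
      if (ids.length > 0) findings[`${name}@${version}`] = ids;
    });
    offset += batch.queries.length;
  }
  return findings;
}

async function postJSON(url, body) {
  const init = { method: "POST", headers: { "content-type": "application/json" } };
  const response = await fetch(url, { ...init, body: JSON.stringify(body) });
  if (!response.ok) throw new Error(`OSV responded with ${response.status}`);
  return response.json();
}
```

The batch endpoint returns only vulnerability ids per package, so full advisory details need a follow-up lookup for each id that comes back.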