
implement OSV conversion #73

Merged: 3 commits into haskell:main, Jun 28, 2023
Conversation

frasertweedale (Collaborator)
This PR:

  • reverts the "limit" change (pursuant to discussion in OSV data model compatibility #3 (comment))
  • improves the documentation of the affected.versions table
  • implements OSV conversion in the library
  • adds the hsec-tools osv subcommand for generating OSV data
commit 067ac75ea7a495cdb0c5e2fa9f0f38fa58f876eb
Author: Fraser Tweedale <frase@frase.id.au>
Date:   Tue Jun 27 22:00:21 2023 +1000

    Revert "lib/advisories: add "limit" field for version ranges"
    
    This reverts commit 6b95156a5f373f0cf87576b1ce155c3adc92d479.
    
    Per discussion at [1], the OSV project prefers to (ab?)use the
    "fixed" event type to limit a range, even when there is no fix.
    Revert the commit.  We will add better documentation in a subsequent
    commit.
    
    [1]: https://github.com/haskell/security-advisories/issues/3#issuecomment-1609066385

commit 1c0fd46ce2cbc262e9d9f895b6d52b1bb2230c29
Author: Fraser Tweedale <frase@frase.id.au>
Date:   Tue Jun 27 22:14:40 2023 +1000

    docs: more explanation of affected.versions

commit 2121be02c5bd8757892d9e160f46535f5b9e0373
Author: Fraser Tweedale <frase@frase.id.au>
Date:   Tue Jun 27 22:31:39 2023 +1000

    tools: implement OSV conversion
    
    Add the `Security.Advisories.Convert.OSV` module, which defines the
    conversion from our `Advisory` data type to the OSV `Model`.
    Currently, no database-specific or ecosystem-specific fields are
    set.  Whether or how to use those fields is a matter for future
    discussion.
    
    Re-export the *aeson* encode and decode functions from
    `Security.OSV`, for convenience.
    
    Add the `osv` subcommand to `hsec-tools`.  It works in the same way
    as `check`, but emits the encoded OSV JSON data.
    
    Later commits will add the CI workflows to generate and publish the
    OSV data.
    
    Fixes: https://github.com/haskell/security-advisories/issues/3
  • Previous advisories are still valid
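The OSV range semantics the first commit message relies on (a "fixed" event capping an affected range even where no actual fix exists) and the Advisory-to-OSV conversion the third commit describes, as an added example in Python that is not hsec-tools code: a simplified, hypothetical advisory record is turned into an OSV affected entry with an ECOSYSTEM range, and candidate versions are checked against the sorted events the way the OSV schema defines them. The advisory identifier, package name, ecosystem string and schema version are assumptions made for illustration; the version comparison assumes dot-separated integer (PVP-style) versions.

```python
"""Added example: convert a simplified advisory into OSV JSON and evaluate
its ECOSYSTEM version range. Not the project's own code."""
import json


# Hypothetical advisory record standing in for the project's Advisory type.
# The second range has no real fix: 2.1.0 is just the first version known to
# be unaffected, but OSV still wants it expressed with a "fixed" event.
ADVISORY = {
    "id": "HSEC-0000-0000",       # hypothetical identifier
    "package": "example-pkg",     # hypothetical package name
    "summary": "Constructed example advisory",
    "versions": [
        {"introduced": "1.0.0", "fixed": "1.2.0"},
        {"introduced": "2.0.0", "fixed": "2.1.0"},
    ],
}


def parse_version(v):
    """Dot-separated integers; OSV's special "0" means 'from the first version'."""
    if v == "0":
        return ()
    return tuple(int(p) for p in v.split("."))


def to_osv(advisory):
    """Build an OSV record; ecosystem/schema values are assumptions."""
    events = []
    for rng in advisory["versions"]:
        events.append({"introduced": rng["introduced"]})
        if "fixed" in rng:
            events.append({"fixed": rng["fixed"]})
    return {
        "schema_version": "1.5.0",  # assumed schema version
        "id": advisory["id"],
        "summary": advisory["summary"],
        "affected": [{
            "package": {"ecosystem": "Hackage", "name": advisory["package"]},
            "ranges": [{"type": "ECOSYSTEM", "events": events}],
        }],
    }


def is_affected(osv_record, package, version):
    """Walk the events in version order; the most recent event at or below the
    target decides: introduced -> affected, fixed -> not affected,
    last_affected -> affected only if equal to the target (inclusive bound)."""
    target = parse_version(version)
    for aff in osv_record["affected"]:
        if aff["package"]["name"] != package:
            continue
        for rng in aff["ranges"]:
            if rng["type"] != "ECOSYSTEM":
                continue
            events = sorted(
                rng["events"],
                key=lambda e: parse_version(next(iter(e.values()))),
            )
            affected = False
            for ev in events:
                (kind, ver), = ev.items()
                ev_ver = parse_version(ver)
                if ev_ver > target:
                    break
                if kind == "introduced":
                    affected = True
                elif kind == "fixed":
                    affected = False
                elif kind == "last_affected":
                    affected = affected and ev_ver == target
            if affected:
                return True
    return False


def encode(osv_record):
    """JSON text as a tool like `hsec-tools osv` would emit it."""
    return json.dumps(osv_record, indent=2, sort_keys=True)


if __name__ == "__main__":
    record = to_osv(ADVISORY)
    print(encode(record))
    for v in ("0.9", "1.1.3", "1.2.0", "2.0.0", "2.1.0"):
        print(v, "affected" if is_affected(record, "example-pkg", v) else "not affected")
```

The point to notice is that 2.1.0 is excluded from the second range for the same reason 1.2.0 is excluded from the first: the evaluator cannot tell a genuine fix from a mere upper bound, which is exactly why the "limit" field was dropped in favour of "fixed".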

@mihaimaruseac mihaimaruseac merged commit 795630c into haskell:main Jun 28, 2023
@frasertweedale frasertweedale deleted the osv/conversion branch June 28, 2023 19:48