test: Add triage to requirements test to address aiohttp disputed cve

[terriko]

This PR adds triage (a merged report) into the requirements test so that we can (temporarily?) ignore the current aiohttp CVE which is unfixed and may be disputed.

• add triage data for aiohttp

• Update test to use triage data provided

• update test so it handles ignored CVEs correctly

• update merge reports documentation to give list of acceptable options in the "remarks" field.

• related A dependency (aiohttp) is flagged with a moderate rated CVE #1741

[codecov-commenter]

Codecov Report

Merging #1746 (b8ae11e) into main (6c13a9d) will decrease coverage by 0.35%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #1746      +/-   ##
==========================================
- Coverage   83.84%   83.48%   -0.36%     
==========================================
  Files         307      307              
  Lines        6581     6589       +8     
  Branches     1068     1069       +1     
==========================================
- Hits         5518     5501      -17     
- Misses        820      843      +23     
- Partials      243      245       +2     

Flag	Coverage Δ
longtests	83.48% <0.00%> (-0.36%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
test/test_requirements.py	0.00% <0.00%> (ø)
cve_bin_tool/available_fix/debian_cve_tracker.py	63.26% <0.00%> (-14.29%)	⬇️
cve_bin_tool/nvd_api.py	75.20% <0.00%> (-8.80%)	⬇️
cve_bin_tool/cli.py	71.09% <0.00%> (+0.39%)	⬆️

📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more

[terriko]

Note for Terri: change this to read a json output, check for any CVEs that are not ignored.

[terriko]

The test passes for me locally with the last change. Going to let it run before explicitly tagging folk for review, but code reviews very welcome at this stage.

[b31ngd3v]

LGTM!

[anthonyharrison]

Looks fine to me