Support for scanning archlinux

[SettRaziel]

What would you like to be added:
Support for Arch Linux

Why is this needed:
As a rolling release distribution archlinux provides updated versions for the packages it uses. It is very popular and maintains its own base images on DockerHub. They provide information regarding security issues and a security feed for its advisories.
It would be an awesome addition if the grype engine provides scanning capabilities for it.

Additional context:
Current scanning output:
$ grype archlinux:latest
✔ Vulnerability DB [no update available]
✔ Parsed image
✔ Cataloged packages [0 packages]
✔ Scanned image [0 vulnerabilities]

[wagoodman]

To support this we'll need to implement anchore/syft#6 (in syft)

[Foxboron]

Syft now has support anchore/syft#241

[Foxboron]

@tgerla Which PR solved this issue?

[spiffcs]

@Foxboron should have been this one
anchore/syft#943

[Foxboron]

I don't quite understand how the syft implementation solved this grype issue?

It's not parsing the security tracker from Arch?

[Foxboron]

The answer is that it doesn't.

λ grype main» ./main archlinux
 ✔ Vulnerability DB        [updated]
 ✔ Parsed image
 ✔ Cataloged packages      [113 packages]
 ✔ Scanned image           [5 vulnerabilities]
NAME        INSTALLED   FIXED-IN  TYPE  VULNERABILITY   SEVERITY
gnupg       2.2.40-1              alpm  CVE-2022-34903  Medium
gnupg       2.2.40-1              alpm  CVE-2022-3515   Critical
libarchive  3.6.2-2               alpm  CVE-2022-36227  Critical
zlib        1:1.2.13-2            alpm  CVE-2018-25032  High
zlib        1:1.2.13-2            alpm  CVE-2022-37434  Critical

CVE-2022-37434 is marked as vulnerable, while it's marked as fixed in our security tracker.

https://security.archlinux.org/AVG-2821

Please disable this support until it can track fixed issues from our tracker.

@spiffcs