Hi,
Thank you for this amazing project.
It looks like severity and CVSS metrics are missing from JSON and report.
example:
```yaml
---
module: github.com/gin-gonic/gin
versions:
  - fixed: v1.6.0
description: |
  The default [`Formatter`][LoggerConfig.Formatter] for the [`Logger`][] middleware
  (included in the [`Default`][] engine) allows attackers to inject arbitrary log
  entries by manipulating the request path.
published: '2021-04-14T12:00:00.000Z'
credit: "@thinkerou <thinkerou@gmail.com>"
symbols:
  - defaultLogFormatter
links:
  pr: https://github.com/gin-gonic/gin/pull/2237
  commit: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d
cve_metadata:
  id: CVE-9999-0001
  cwe: 'CWE-20: Improper Input Validation'
  description: |
    Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
    allows remote attackers to inject arbitary log lines.
  cvss:
    version: v2
    score: '4.0'
    vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
```
I have created a PR with support for both the severity field in the JSON and CVSS data in the report (if it exists at that time).
Please confirm that it satisfies the needs and review my PR: 6#
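
Added example, not code from the PR or from x/vulndb: because the report above stores a `cvss` block with `version`, `score` and `vector`, a consumer can recompute the CVSS v3.1 base score and severity rating from the vector and compare them with the stored fields. `BaseScore` and `weights` are hypothetical names; the weights and formulas are those of the CVSS v3.1 specification.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

var weights = map[string]float64{ // CVSS v3.1 base weights; "PRC" = PR when scope is changed
	"AV:N": 0.85, "AV:A": 0.62, "AV:L": 0.55, "AV:P": 0.2, "AC:L": 0.77, "AC:H": 0.44,
	"PR:N": 0.85, "PR:L": 0.62, "PR:H": 0.27, "PRC:N": 0.85, "PRC:L": 0.68, "PRC:H": 0.5,
	"UI:N": 0.85, "UI:R": 0.62, "S:U": 1, "S:C": 1.08, "C:H": 0.56, "C:L": 0.22, "C:N": 0,
	"I:H": 0.56, "I:L": 0.22, "I:N": 0, "A:H": 0.56, "A:L": 0.22, "A:N": 0,
}

// BaseScore recomputes the base score and severity rating from a CVSS:3.1 vector.
func BaseScore(vector string) (score float64, severity string, err error) {
	parts := strings.Split(vector, "/")
	if len(parts) != 9 || parts[0] != "CVSS:3.1" {
		return 0, "", fmt.Errorf("not a CVSS:3.1 base vector: %q", vector)
	}
	tok := map[string]string{} // metric name -> its "NAME:VALUE" token
	for _, p := range parts[1:] {
		name, _, _ := strings.Cut(p, ":")
		if _, ok := weights[p]; !ok || tok[name] != "" || name == "PRC" {
			return 0, "", fmt.Errorf("unknown or repeated metric %q", p)
		}
		tok[name] = p
	}
	w := func(name string) float64 { return weights[tok[name]] }
	iss := 1 - (1-w("C"))*(1-w("I"))*(1-w("A"))
	impact, pr, scale := 6.42*iss, w("PR"), w("S") // "S" holds the 1 / 1.08 scope factor
	if scale > 1 { // scope changed: other impact formula and PR weights
		impact, pr = 7.52*(iss-0.029)-3.25*math.Pow(iss-0.02, 15), weights["PRC"+tok["PR"][2:]]
	}
	if impact > 0 { // Roundup from the spec: smallest one-decimal value >= raw
		raw := math.Min(scale*(impact+8.22*w("AV")*w("AC")*pr*w("UI")), 10)
		score = math.Ceil(math.Round(raw*100000)/10000) / 10
	}
	for i, lo := range []float64{9, 7, 4, 0.1} {
		if score >= lo {
			return score, [...]string{"CRITICAL", "HIGH", "MEDIUM", "LOW"}[i], nil
		}
	}
	return score, "NONE", nil
}

func main() {
	fmt.Println(BaseScore("CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N")) // vector from the report above
}
```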
The x/vulndb issue tracker is currently only meant for use by the Go security team for tracking CVEs that should be included in the Go vulnerability database.