feat: Make website no longer depend on Bug entities

[michaelkedar]

Make use of the ListedVulnerability datastore entity for the /list page, and the GCS bucket for the vulnerability page, instead of the hefty, deprecated Bug entity for both.

Unfortunately, the ListedVulnerability does not quite have enough information as-is to 100% match the current behaviour, and a couple of things will be regressed:

• feat(frontend): Added weighted search results #3356 because we don't have alias/related/upstream information on the new entity. I've made exact ID matches sort first, which should be okay temporarily.
• Inaccurate "Fix Available" tag when filtering by versioned ecosystems #3812 / fix(frontend): fix ecosystem filtering for versioned ecosystem variants #3813 since there is no per-ecosystem is_fixed field on the ListedVulnerability (and computing it currently would require another query to the full vulnerability, which I'm trying to avoid on the list page). I think we could update the ListedVulnerability to have a list of fixed ecosystems to re-enable this, but I'd want to do that in a followup PR.
• Also, records that have no affected packages (but are not withdrawn) will now show up on the search page. IDK if that's preferable or not.

[michaelkedar]

/gemini review

[another-rex]

Is this correct?

[michaelkedar]

Yeah - I use this function both for the vulnerability page (osv vulns have the severity field) and the list page (ListedVulnerabilities use severities)