fix(report-redhat): fix false negative of affected vulns #827

[kotakanbe]

What did you implement:

see #827

https://access.redhat.com/blogs/product-security/posts/2066793

“Affected”: this package is affected by this flaw on this platform
“Not affected”: this package, which ships on this platform, is not affected by this flaw
“Fix deferred”: this package is affected by this flaw on this platform, and may be fixed in the future
“Under investigation”: it is currently unknown whether or not this flaw affects this package on this platform, and it is under investigation
“Will not fix”: this package is affected by this flaw on this platform, but there is currently no intention to fix it (this would primarily be for flaws that are of Low or Moderate impact that pose no significant risk to customers)

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

./vuls report with gostdb and check the results

Checklist:

You don't have to satisfy all of the following.

• Write tests
• Write documentation
• Check that there aren't other open pull requests for the same issue/feature
• Format your source code by make fmt
• Pass the test by make test
• Provide verification config / commands
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: YES