Start on override strategy for maven guided remediation (#1025)

Start on a new 'override' remediation strategy for guided remediation
for maven, intending to remediate by forcing the use of non-vulnerable
versions by `dependencyManagement`.

This is just the logic to identify possible override patches by
searching for the first non-vulnerable version of an affected package.

cmd/osv-scanner/fix/interactive.go

@@ -2,14 +2,20 @@ package fix
 
 import (
 	"context"
+	"errors"
 
 	tea "github.com/charmbracelet/bubbletea"
+	"github.com/google/osv-scanner/internal/remediation"
 )
 
 // TODO: currently, it's impossible to undo commands
 // Need to think about how to support this
 
 func interactiveMode(ctx context.Context, opts osvFixOptions) error {
+	if !remediation.SupportsRelax(opts.ManifestRW) && !remediation.SupportsInPlace(opts.LockfileRW) {
+		return errors.New("no supported remediation strategies found")
+	}
+
 	cl := opts.Client
 	p := tea.NewProgram(newModel(ctx, opts, cl), tea.WithAltScreen())
 	m, err := p.Run()

cmd/osv-scanner/fix/noninteractive.go

@@ -2,6 +2,7 @@ package fix
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"os"
 	"slices"
@@ -17,6 +18,10 @@ import (
 )
 
 func autoInPlace(ctx context.Context, r reporter.Reporter, opts osvFixOptions, maxUpgrades int) error {
+	if !remediation.SupportsInPlace(opts.LockfileRW) {
+		return errors.New("in-place strategy is not supported for lockfile")
+	}
+
 	r.Infof("Scanning %s...\n", opts.Lockfile)
 	f, err := lockfile.OpenLocalDepFile(opts.Lockfile)
 	if err != nil {
@@ -92,6 +97,10 @@ func autoChooseInPlacePatches(res remediation.InPlaceResult, maxUpgrades int) ([
 }
 
 func autoRelock(ctx context.Context, r reporter.Reporter, opts osvFixOptions, maxUpgrades int) error {
+	if !remediation.SupportsRelax(opts.ManifestRW) {
+		return errors.New("relock strategy is not supported for manifest")
+	}
+
 	r.Infof("Resolving %s...\n", opts.Manifest)
 	f, err := lockfile.OpenLocalDepFile(opts.Manifest)
 	if err != nil {