feat(vulnfeeds): create a CVE-CNA allowlist (#4340)

Move the default allowlist for the CNAs whose CVE's we're ingesting to a
.txt file.

This PR will also enable the ingestion of CVEs from the following CNAs:
- GitLab
- Centreon
- @ huntrdev

Author: jess-lowe

vulnfeeds/cmd/cve-bulk-converter/cna_allowlist.txt

@@ -0,0 +1,5 @@
+Linux
+GitHub_M
+GitLab
+Centreon
+@huntrdev

vulnfeeds/cmd/cve-bulk-converter/main.go

@@ -2,6 +2,7 @@
 package main
 
 import (
+	_ "embed"
 	"encoding/json"
 	"flag"
 	"log/slog"
@@ -19,11 +20,14 @@ import (
 var (
 	repoDir        = flag.String("cve_repo", "cvelistV5", "CVEListV5 directory path")
 	localOutputDir = flag.String("out_dir", "cvelist2osv", "Path to output results.")
-	years          = flag.String("years", "2022,2023,2024,2025", "A comma-separated list of years to process.")
+	years          = flag.String("years", "2021,2022,2023,2024,2025", "A comma-separated list of years to process.")
 	workers        = flag.Int("workers", 30, "The number of concurrent workers to use for processing CVEs.")
-	cnas           = flag.String("cnas", "Linux,GitHub_M", "A comma-separated list of CNAs to process.")
+	cnas           = flag.String("cnas", "", "A comma-separated list of CNAs to process. If not provided, defaults to cna_allowlist.txt.")
 )
 
+//go:embed cna_allowlist.txt
+var cnaAllowlistData []byte
+
 func main() {
 	flag.Parse()
 	logger.InitGlobalLogger()
@@ -35,8 +39,18 @@ func main() {
 
 	jobs := make(chan string)
 	var wg sync.WaitGroup
+	var cnaList []string
+	if *cnas != "" {
+		cnaList = strings.Split(*cnas, ",")
+	} else {
+		for _, cna := range strings.Split(string(cnaAllowlistData), "\n") {
+			cna = strings.TrimSpace(cna)
+			if cna != "" {
+				cnaList = append(cnaList, cna)
+			}
+		}
+	}
 
-	cnaList := strings.Split(*cnas, ",")
 	// Start the worker pool.
 	for range *workers {
 		wg.Add(1)