feat: register RapidFort as a vulnerability provider

[vaibhav-rf]

Summary

Registers the rapidfort provider in grype-db so that RapidFort security
advisories are included in every database build and validated by the
quality gate.

The provider implementation lives in the vunnel repo. This PR is the
grype-db-side registration only — two lines across two config files.

Changes

config/grype-db/publish-nightly-r2.yaml

Added rapidfort to the provider list so it is pulled and ingested on every
nightly build run alongside all other OS advisory providers.

- name: rapidfort

config/grype-db-manager/include.d/validate.yaml

Added rapidfort to expected-providers so the quality gate fails if the
provider is missing from a built database.

- rapidfort

What the provider produces

• Namespaces: rapidfort-ubuntu:<version>, rapidfort-alpine:<version>
  (Red Hat support exists in the parser but advisory data is Ubuntu + Alpine
  for this release)
• Source: shallow clone of https://github.com/rapidfort/security-advisories
• Volume: ~1,760 advisory files (~1,427 Ubuntu, ~329 Alpine) as of first run
• Namespace isolation: provider-prefixed namespaces keep RapidFort advisories
  separate from standard upstream distro scans in Grype

Dependencies

• Requires the rapidfort vunnel provider to be available in the vunnel Docker
  image used by the nightly pipeline

Test plan

• Nightly build includes rapidfort in provider output without errors
• grype-db-manager validate passes with rapidfort present in built DB
• Quality gate F1 regression stays within 15% threshold
• Scanning a RapidFort-curated Ubuntu or Alpine image resolves
  rapidfort-ubuntu:* / rapidfort-alpine:* namespaces correctly