add: Add support for CleanStart OS vulnerability data provider

[cleanstart-community-admin]

Summary

Adds CleanStart OS as a vulnerability data provider in Vunnel, enabling Grype to ingest and match vulnerabilities from the CleanStart Security Advisories database. This is the data provider counterpart to the distro support added in anchore/grype#3281.

Motivation

Without this provider, Grype has no vulnerability data to match against when scanning CleanStart-based container images. This provider ingests advisories from the CleanStart Security Advisories repository and makes them available to the Grype database build pipeline.

Changes

• Add new provider at src/vunnel/providers/cleanstart/ that clones and ingests advisories from github.com/cleanstart-dev/cleanstart-security-advisories
• Advisories are published in OSV format under the CleanStart ecosystem — no transformation required
• Provider walks year-based subdirectories (2025/, 2026/) to collect all advisories
• Supports incremental updates via git pull on subsequent runs
• Register provider in the vunnel provider dispatch table
• Add CleanStart quality gate test image to tests/quality/config.yaml

Type of change

• New feature (non-breaking change which adds functionality)

Checklist

• I have added unit tests that cover changed behavior
• I have tested my code in common scenarios and confirmed there are no regressions
• I have added comments to my code, particularly in hard-to-understand sections