feat: add support for vulnerability query of sub ecosystems

[szeidler]

See discussion: renovatebot/renovate#39967
See PR: renovatebot/renovate#40004

Prior to this change, osv-offline only matched exact ecosystem in the nedb query, which causes vulnerabilities from the using a Packagist sub-ecosystem suffix to be ignored. With this update, we allow matching on ecosystem or any sub-ecosystem, enabling matching for cases like the Drupal Packagist sub-ecosystem.

The $elemMatch properties needed to be adjusted to successfully be able to use the startsWith regular expression.

With the old way this was not supported:

package: {
  name: packageName,
  ecosystem,
  purl: packageToPurl(ecosystem, packageName),
},

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.95%. Comparing base (3f91171) to head (236f059).
⚠️ Report is 2 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1498      +/-   ##
==========================================
+ Coverage   92.75%   92.95%   +0.20%     
==========================================
  Files           6        6              
  Lines          69       71       +2     
  Branches        7        7              
==========================================
+ Hits           64       66       +2     
  Misses          5        5              

Flag	Coverage Δ
node22-Linux	92.95% <100.00%> (+0.20%)	⬆️
node24-Linux	92.95% <100.00%> (+0.20%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.