OsvFunTest: Add a package with a vulnerability without severity

The vulnerability lacks a severity in its dedicataed property, but has
a 'severity' property in the `databaseSpecific: JSONObject?` property.
This prepares for adding a fallback solution.

Signed-off-by: Frank Viernau <frank_viernau@epam.com>

advisor/src/funTest/assets/retrieve-package-findings-expected-result.json

@@ -49,5 +49,32 @@
         "severity" : "7.5"
       } ]
     } ]
+  } ],
+  "NPM::gun:0.7.0" : [ {
+    "advisor" : {
+      "name" : "Osv",
+      "capabilities" : [ "VULNERABILITIES" ]
+    },
+    "summary" : {
+      "start_time" : "2022-07-11T11:43:59.561110209Z",
+      "end_time" : "2022-07-11T11:44:00.397553119Z"
+    },
+    "defects" : [ ],
+    "vulnerabilities" : [ {
+      "id" : "GHSA-886v-mm6p-4m66",
+      "references" : [ {
+        "url" : "https://github.com/amark/gun/security/advisories/GHSA-886v-mm6p-4m66",
+        "scoring_system" : null,
+        "severity" : null
+      }, {
+        "url" : "https://github.com/advisories/GHSA-886v-mm6p-4m66",
+        "scoring_system" : null,
+        "severity" : null
+      }, {
+        "url" : "https://github.com/amark/gun",
+        "scoring_system" : null,
+        "severity" : null
+      } ]
+    } ]
   } ]
 }

advisor/src/funTest/kotlin/OsvFunTest.kt

@@ -63,7 +63,8 @@ class OsvFunTest : StringSpec({
             .readValue<Map<Identifier, List<AdvisorResult>>>()
         val osv = createOsv()
         val packages = listOf(
-            "NPM::glob-parent:5.1.1"
+            "NPM::glob-parent:5.1.1",
+            "NPM::gun:0.7.0" // Package without severity, but with severity inside the databaseSpecific JSON object.
         ).map { identifierToPackage(it) }
 
         val packageFindings = osv.retrievePackageFindings(packages).mapKeys { it.key.id }