feat(V2 Clients): Client refactor

[another-rex]

Second step of the client refactor after #1464

Changes:

• vulnerability client interface as described in the design doc, this no longer performs paging by itself.
• "Matchers" as implementations to the vulnerability interface
  • osvmatcher: Matcher that takes in a osv.dev client and gets/hydrates the vulns. This also performs paging.
  • localmatcher: Replacement/migrated version of the local package.

Commented out Local client in resolve package to be completed in the followup.

Followup: Decide and implement the VulnClients in resolution.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 58.97436% with 144 lines in your changes missing coverage. Please review.

Project coverage is 67.02%. Comparing base (8685ceb) to head (68f51c7).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...ternal/clients/clientimpl/osvmatcher/osvmatcher.go	57.63%	53 Missing and 8 partials ⚠️
internal/resolution/client/osv_offline_client.go	0.00%	34 Missing ⚠️
...al/clients/clientimpl/localmatcher/localmatcher.go	67.02%	25 Missing and 6 partials ⚠️
pkg/osvscanner/osvscanner.go	68.57%	8 Missing and 3 partials ⚠️
internal/clients/clientimpl/osvmatcher/errors.go	0.00%	4 Missing ⚠️
internal/clients/clientimpl/localmatcher/zip.go	92.00%	2 Missing ⚠️
internal/osvdev/osvdev.go	87.50%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1470      +/-   ##
==========================================
- Coverage   67.33%   67.02%   -0.32%     
==========================================
  Files         194      196       +2     
  Lines       18361    18478     +117     
==========================================
+ Hits        12363    12384      +21     
- Misses       5327     5416      +89     
- Partials      671      678       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[cuixq]

Generally LGTM, just one question regarding the file structure: shall we put implementation the same folder as the interface?
when we have more interfaces and implementation in the future, it will be tricky to track which interface an implementation implements.

[another-rex]

shall we put implementation the same folder as the interface?

I'm thinking that the interfaces will be moved to osv-scalibr at some point, so we shouldn't couple them in the same package. They are already under the same parent directory of clients, I think that's probably as close as I can get them?

[another-rex]

Paging impl has been extracted and moved to the matcher rather than the client.