perf(local): avoid loading the entire advisory unless it will actually be used #2450

Merged: another-rex merged 4 commits into google:main from ackama:perf/optimize-check on Jan 9, 2026

G-Rath (Collaborator) commented Jan 8, 2026

Right now we always parse advisories even if we don't end up loading them into the database, which is relatively expensive at scale, so now we use gjson to extract the subset of data we need from the raw bytes to determine if the advisory is relevant before we do the advisory parsing.

This is especially useful for databases with a high number of MAL advisories since their packages are very rare, such as the NPM database (which has 209647 MAL advisories out of a total of 214057 advisories) - before this it takes about 10 seconds to do a scan, whereas after this optimization it takes about 3 seconds.
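
The pre-filter described above, as an added Go example that is not code from this PR or its repository. It swaps gjson for the standard library's `encoding/json` with a narrow struct so it runs without third-party modules. The OSV-style `affected[].package` fields used as the relevance check, the names `probe`, `Advisory` and `loadRelevant`, and the sample records are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// probe decodes only what is assumed to decide relevance: OSV affected[].package.
type probe struct {
	Affected []struct {
		Package struct{ Ecosystem, Name string } `json:"package"`
	} `json:"affected"`
}

// Advisory is a hypothetical stand-in for the full, costlier record type.
type Advisory struct{ ID, Summary string }

// sample holds constructed records, not real advisories.
var sample = [][]byte{
	[]byte(`{"id":"MAL-EXAMPLE-1","summary":"constructed","affected":[{"package":{"ecosystem":"npm","name":"example-absent-a"}}]}`),
	[]byte(`{"id":"GHSA-EXAMPLE-1","summary":"constructed","affected":[{"package":{"ecosystem":"npm","name":"example-installed"}}]}`),
	[]byte(`{"id":"MAL-EXAMPLE-2","summary":"constructed","affected":[{"package":{"ecosystem":"npm","name":"example-absent-b"}}]}`),
}

// loadRelevant fully parses only advisories naming a package in wanted ("ecosystem/name").
// A record that fails the probe is an error, never a silent skip.
func loadRelevant(raws [][]byte, wanted map[string]bool) ([]Advisory, error) {
	var out []Advisory
	for i, raw := range raws {
		var p probe
		if err := json.Unmarshal(raw, &p); err != nil {
			return nil, fmt.Errorf("advisory %d: probe: %w", i, err)
		}
		for _, a := range p.Affected {
			if wanted[a.Package.Ecosystem+"/"+a.Package.Name] {
				var adv Advisory // full parse only on a match
				if err := json.Unmarshal(raw, &adv); err != nil {
					return nil, fmt.Errorf("advisory %d: parse: %w", i, err)
				}
				out = append(out, adv)
				break // one copy per advisory even if several packages match
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(loadRelevant(sample, map[string]bool{"npm/example-installed": true}))
}
```

Returning an error when the probe cannot read a record keeps a corrupt or truncated database entry from being treated as "not relevant" and dropped from the scan.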

codecov-commenter commented Jan 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.80%. Comparing base (25eccbf) to head (b6cb3e2).
⚠️ Report is 33 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2450   +/-   ##
=======================================
  Coverage   67.79%   67.80%           
=======================================
  Files         172      172           
  Lines       13301    13305    +4     
=======================================
+ Hits         9018     9022    +4     
  Misses       3573     3573           
  Partials      710      710           

G-Rath force-pushed the perf/optimize-check branch from 720b348 to 4671f6e on January 9, 2026 00:54
G-Rath force-pushed the perf/optimize-check branch from 4671f6e to b6cb3e2 on January 9, 2026 01:20
G-Rath marked this pull request as ready for review on January 9, 2026 01:21

another-rex (Collaborator) left a comment

Very nice!

another-rex merged commit 9c36a12 into google:main on Jan 9, 2026
17 checks passed
another-rex deleted the perf/optimize-check branch on January 9, 2026 01:32