RubyGems.org UI warns of known security vulnerabilities #6

@mghaught

Description

When a developer is deciding whether to use a gem, RubyGems.org is where they land. But the gem page shows no indication of known security vulnerabilities, even when that information exists in public databases like OSV and GitHub Advisory. The data is out there; it's just not where the decision is being made.

This adds vulnerability warnings to the RubyGems.org gem page, so developers can see known security issues before they add a dependency.

Done when:

  • Known vulnerabilities from a public advisory database (OSV or equivalent) are displayed on gem pages
  • Warnings are shown per version, reflecting which versions are affected
  • Advisory data is kept reasonably up to date
  • A link to the full advisory is provided for each warning
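One way to implement the per-version matching described by the first, second and fourth items above, as an added example in Ruby that is neither RubyGems.org code nor the issue author's. It takes a constructed OSV query response (the advisory ID, gem name, versions and advisory URL are made up), applies the OSV ECOSYSTEM ranges to a list of published versions using Gem::Version, and picks the advisory link to display. The fetch_osv helper against the public OSV query endpoint is an assumption about how live data would be pulled and is not exercised here.

```ruby
require "json"
require "net/http"
require "uri"
require "rubygems"   # Gem::Version, the same comparison RubyGems itself uses

# Constructed sample of what the OSV query API returns for one package.
# The advisory ID, gem name, versions and URL are made up for this example;
# the JSON shape follows the OSV schema (affected[].ranges[].events).
SAMPLE_OSV_RESPONSE = <<~JSON
  {
    "vulns": [
      {
        "id": "GHSA-xxxx-xxxx-xxxx",
        "summary": "Constructed example: unsafe deserialization in widget-gem",
        "affected": [
          {
            "package": { "ecosystem": "RubyGems", "name": "widget-gem" },
            "ranges": [
              { "type": "ECOSYSTEM",
                "events": [ { "introduced": "0" }, { "fixed": "1.2.3" } ] },
              { "type": "ECOSYSTEM",
                "events": [ { "introduced": "2.0.0" }, { "fixed": "2.0.5" } ] },
              { "type": "ECOSYSTEM",
                "events": [ { "introduced": "3.1.0" }, { "last_affected": "3.1.2" } ] }
            ]
          }
        ],
        "references": [
          { "type": "ADVISORY", "url": "https://example.invalid/advisories/widget-gem" }
        ]
      }
    ]
  }
JSON

# Live lookup (assumed, not exercised here): POST {"package": {...}} to the OSV query API.
# Results should be cached and refreshed on a schedule rather than fetched per page view.
def fetch_osv(gem_name)
  uri = URI("https://api.osv.dev/v1/query")
  body = { package: { ecosystem: "RubyGems", name: gem_name } }.to_json
  res = Net::HTTP.post(uri, body, "Content-Type" => "application/json")
  raise "OSV query failed: #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  res.body
end

# Expand one OSV ECOSYSTEM range into [low, high, inclusive?] intervals.
# "fixed" is exclusive (the first safe version); "last_affected" is inclusive.
# An "introduced" with no closing event means every later version is affected.
def range_intervals(range)
  intervals = []
  range.fetch("events", []).each do |event|
    if event.key?("introduced")
      intervals << [Gem::Version.new(event["introduced"]), nil, false]
    elsif event.key?("fixed") && intervals.last
      intervals.last[1] = Gem::Version.new(event["fixed"])
      intervals.last[2] = false
    elsif event.key?("last_affected") && intervals.last
      intervals.last[1] = Gem::Version.new(event["last_affected"])
      intervals.last[2] = true
    end
  end
  intervals
end

# True if this published version falls inside any affected range or explicit version list.
def version_affected?(version, affected_entry)
  v = Gem::Version.new(version)
  return true if Array(affected_entry["versions"]).include?(version)
  Array(affected_entry["ranges"]).any? do |range|
    next false unless range["type"] == "ECOSYSTEM"
    range_intervals(range).any? do |low, high, inclusive|
      next false if v < low
      high.nil? || (inclusive ? v <= high : v < high)
    end
  end
end

# Prefer the ADVISORY reference; fall back to the OSV record page for the ID.
def advisory_url(vuln)
  ref = Array(vuln["references"]).find { |r| r["type"] == "ADVISORY" }
  ref ? ref["url"] : "https://osv.dev/vulnerability/#{vuln["id"]}"
end

# Map each published version of a gem to the advisories that affect it.
def warnings_for(gem_name, versions, osv_json)
  vulns = JSON.parse(osv_json).fetch("vulns", [])
  versions.to_h do |ver|
    hits = vulns.select do |vuln|
      Array(vuln["affected"]).any? do |entry|
        entry.dig("package", "ecosystem") == "RubyGems" &&
          entry.dig("package", "name") == gem_name &&
          version_affected?(ver, entry)
      end
    end
    [ver, hits.map { |vuln| { id: vuln["id"], summary: vuln["summary"], url: advisory_url(vuln) } }]
  end
end

if __FILE__ == $PROGRAM_NAME
  warnings_for("widget-gem", %w[0.9.0 1.2.2 1.2.3 2.0.0 2.0.5 3.1.2 3.1.3], SAMPLE_OSV_RESPONSE).each do |ver, hits|
    status = hits.empty? ? "no known advisories" : hits.map { |h| "#{h[:id]} (#{h[:url]})" }.join(", ")
    puts "#{ver}: #{status}"
  end
end
```

The two details that most often go wrong when rendering OSV data per version are handled explicitly: a "fixed" event is exclusive, so the fixed version itself must show as clean, while "last_affected" is inclusive, and comparisons must use Gem::Version rather than string ordering so that 1.10.0 sorts after 1.9.0. For the "kept reasonably up to date" requirement, the fetch_osv result would be stored and refreshed by a background job; querying OSV on every page view would both slow the page and leak browsing patterns to a third party.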

Metadata

Assignees

No one assigned

    Labels

    No labels

    Type

    No type

    Projects

    Status

    Planned

    Milestone

    No milestone

    Relationships

    None yet
