There's a corner case where is_kernel_patched() in GitHelper can mistakenly grab a commit that does not concern any patch.
The false-positive commit will result in a codestream being reported as not affected, while it actually is because the actual patch is not backported for the codestream in question.
Using git log --grep=CVE-{cve} -- patches.suse instead of git log --grep=CVE-{cve} would filter out those commits unrelated to patches.
The following code would solve the problem:
@@ -343,7 +344,10 @@ class GitHelper(Config):
ret = subprocess.check_output(["/usr/bin/git", "-C", self.kern_src, "log",
f"--grep=CVE-{cve}",
f"--tags=*rpm-{kernel}",
- "--pretty=oneline"])+ "--pretty=oneline",+ "--",+ "patches.suse"])
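Review bot: the "--", "patches.suse" arguments appended after "--pretty=oneline" have no comment explaining why the log is path-limited. Add a one-line comment saying that a commit which only mentions CVE-{cve} without touching patches.suse must not count as the backport, so the filter is not dropped in a later cleanup. The pathspec is also a bare literal that git resolves relative to the directory given with "-C" (self.kern_src); lifting it into a named constant next to the other paths would make that dependency visible.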
But it slows down the execution of git log a lot because Git doesn't store which files are changed in each commit.
What we could do instead is keep git log as it is, and filter out commits unrelated to patches.suse only afterwards.
A CVE that triggers this issue is 2024-36979.
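One way to do the filtering afterwards, as an added sketch that is not the project's own code: the unrestricted git log call stays as in the issue, and each hit is then checked with git diff-tree limited to patches.suse. The function names, the injectable git parameter and the choice of diff-tree are assumptions of this example, and the demo output is constructed.

```python
import subprocess

PATCH_DIR = "patches.suse"  # directory named in the issue

def run_git(repo, *args):
    """Run git inside `repo` and return its stdout as text."""
    return subprocess.check_output(["/usr/bin/git", "-C", repo, *args], text=True)

def touches_patch_dir(repo, sha, git=run_git):
    """True if commit `sha` changes at least one path under PATCH_DIR."""
    # diff-tree inspects only this one commit, so the path check runs only
    # for grep hits. --root makes a parentless commit list its files too.
    out = git(repo, "diff-tree", "--no-commit-id", "--name-only", "-r",
              "--root", sha, "--", PATCH_DIR)
    return bool(out.strip())

def patch_commits(repo, cve, kernel, git=run_git):
    """Return (sha, subject) for CVE-grep hits that really touch PATCH_DIR."""
    # Same unrestricted log call as in the issue: no pathspec here.
    log = git(repo, "log", f"--grep=CVE-{cve}", f"--tags=*rpm-{kernel}",
              "--pretty=oneline")
    hits = []
    for line in log.splitlines():
        sha, _, subject = line.partition(" ")
        if sha and touches_patch_dir(repo, sha, git):
            hits.append((sha, subject))
    return hits

def demo_git(repo, *args):
    """Constructed stand-in for git so the example runs without a repository."""
    if args[0] == "log":
        return ("1111111 Update config files, see CVE-2024-36979\n"
                "2222222 Add fix for CVE-2024-36979\n")
    sha = args[args.index("--") - 1]  # the commit precedes the pathspec separator
    changed = {"1111111": "", "2222222": "patches.suse/constructed-fix.patch\n"}
    return changed[sha]

if __name__ == "__main__":
    # Kernel tag suffix "5.14.21" is a constructed sample value.
    for sha, subject in patch_commits("/unused", "2024-36979", "5.14.21", demo_git):
        print(sha, subject)
```

Only the commit that changes a file under patches.suse survives, so a codestream whose sole hit is the unrelated commit would no longer be treated as patched.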