Claircore does not fetch Oracle ELSAs from the current year

[RTann]

As of at least v1.5.31, Claircore does not fetch Oracle Linux vulnerabilities from the current year. See https://github.com/quay/claircore/blob/v1.5.31/oracle/updaterset.go#L13

Fxing this brings an opportunity to improve the Oracle Linux support:

• https://linux.oracle.com/security/oval/ provides version-specific OVAL files. Perhaps Claircore can switch to those
• If switching to those, there will no longer be a need for hardcoding releases in https://github.com/quay/claircore/blob/v1.5.31/oracle/releases.go. Instead, Oracle Linux vuln updater can essentially mimic something like Alpine: https://github.com/quay/claircore/blob/v1.5.31/alpine/updater.go (have an UpdaterSet Factory and search for versions from 6 - whatever)

[crozzy]

Yeah that's weird, nothing in the commit adding the UpdaterSet alludes to purposefully missing the current year. I think the approach seems reasonable (we'd need to workout deleting old vulns as I think the updater name would be different).

[BradLugo]

#1509 provides a rudimentary, short-term fix. We should still revisit @RTann's ideas for further improvements.