Fix approval status for containers without any CVEs

This template is ONLY used for enhancement requests. Bug reporting or new feature request issues should use the other template options for issue submission.

Current Behavior

Approval status is pulled from the CVEs for the source image. If no CVEs are present and the container is approved, the container will fail the pipeline for check-cves on a master branch (as is the case for Tomcat-OpenJDK8 https://repo1.dso.mil/dsop/opensource/apache/tomcat-openjdk8/-/tree/development).

Purpose

The intent of this update is to allow containers that have no CVEs for the source image to correctly retrieve their approval status.

Plan

• Use updated query from Irma in check-cves stage to get approval status
• Test on Tomcat-OpenJDK8
• Test on any project that still has findings and is not approved

Acceptance Criteria

• Approvals are pulled separate from CVEs
• Containers that are approved with no CVEs get the correct approval status from the VAT query