UNCLASSIFIED - NO CUI

Fix Check CVE Stage

The Check CVE stage does not take package_path into account when comparing findings against the whitelist. As a result, the Check CVE stage can pass in the pipeline while the VAT, which does compare package_path, displays a new unapproved finding for the same CVE.

AC

  • Check CVE stage compares findings in the same way that the VAT does (include package_path from the Whitelist and from the pipeline's Findings).
  • Test that galvanize/galvanize/java-code-evaluator properly fails the Check CVE stage: the VAT displays one unapproved finding for CVE-2020-13956 from Anchore with a package path of /app/send_results/libs/httpclient-4.5.13.jar. OBE: this CVE has now been addressed.
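Added example (not the pipeline's own code) showing why the comparison must include package_path. `Finding`, the field names other than `package_path`, and the whitelist path are constructed assumptions; the finding path and CVE id are the ones from this issue.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One vulnerability finding as reported by a scanner or whitelisted."""
    identifier: str      # e.g. a CVE id
    package: str         # constructed field name, e.g. the affected artifact
    package_path: str    # where the artifact was found in the image


def unapproved_findings(findings, whitelist, match_package_path=True):
    """Return pipeline findings with no matching whitelist entry.

    match_package_path=False reproduces the pre-fix behaviour: a whitelist
    entry for the same CVE/package approves the finding regardless of the
    path at which the vulnerable artifact was actually found. The VAT
    compares package_path too, so the stage must do the same.
    """
    def key(f):
        if match_package_path:
            return (f.identifier, f.package, f.package_path)
        return (f.identifier, f.package)

    approved = {key(w) for w in whitelist}
    return [f for f in findings if key(f) not in approved]


# Constructed sample data: the whitelist approves the CVE at one path,
# but the pipeline found a second copy of the jar at a different path.
WHITELIST = [
    Finding("CVE-2020-13956", "httpclient", "/app/libs/httpclient-4.5.13.jar"),
]
PIPELINE_FINDINGS = [
    Finding("CVE-2020-13956", "httpclient", "/app/libs/httpclient-4.5.13.jar"),
    Finding("CVE-2020-13956", "httpclient",
            "/app/send_results/libs/httpclient-4.5.13.jar"),
]

if __name__ == "__main__":
    # Pre-fix comparison: nothing unapproved, so the stage passes.
    print(unapproved_findings(PIPELINE_FINDINGS, WHITELIST, match_package_path=False))
    # Fixed comparison: the second path is flagged, matching the VAT.
    print(unapproved_findings(PIPELINE_FINDINGS, WHITELIST))
```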
Edited by David Freeman