Fix OSCAP CVE Check

The Check CVE stage does not currently work correctly for images that have OpenSCAP CVE findings that also have a package path in the VAT. ExampleL https://repo1.dso.mil/dsop/gitlab/gitlab/gitlab-workhorse/-/jobs/2370500

We need to parse out the package path for these findings the same way the VAT is so the vuln set can match the whitelist set.