Add an API for the ruby-advisory-db

[postmodern]

Add an API for interacting with the database.

• Searching for advisories by CVE or gem.
• Testing if a Gem::Version is vulnerable.
• Downloading and updating a copy of the database.

[reconbot]

I'd love to put this in my ci build. Right now heroku gives some warnings and that isn't enough.

[jasnow]

How would an API work? Can you please provide an example.
Would https://github.com/rubysec/rubysec.github.io be involved?

[postmodern]

@jasnow I believe this would be a Ruby library for interacting with the ruby-advisory-db, so that other tools could interface with it in the same way that bundler-audit does.

[postmodern]

Maybe it could have a rudimentary CLI that could update the DB or query a specific advisory or gem-version.

[jasnow]

Almost:https://rubysec.com/advisories/CVE-2023-22796/

and https://github.com/lildude/jekyll-json-feed

and https://apievangelist.com/2016/09/19/providing-yaml-driven-xml-json-and-atom-using-jekyll-and-github/

[postmodern]

We could create a static JSON feed for the website as yet-another-way to get the advisory data. Might be worth creating a separate issue in the website repo.