Check the CVE list consistency in data/DLA/list and data/ELA/list

Today we noticed that ELA-997-1/python3.5 referenced 'CVE-2022-4856', a typo (in addition to 'CVE-2022-48560' and 'CVE-2022-48564'; the last digit is missing).
https://www.freexian.com/lts/extended/updates/ela-997-1-python3.5/
https://deb.freexian.com/extended-lts/tracker/CVE-2022-4856

CVE-2022-4856 is unrelated to python and points to an NFU (NOT-FOR-US) entry.

It was suggested to improve the security-tracker post-commit hook to make sure each CVE is related to the fixed package. However, a better place to put this check is in gen-DSA (and gen-DLA). For more about this, see the discussion below.

If you're interested in this task, please check whether this is sensible (no false positive, no weird corner cases) and implement :-)
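A sketch of the consistency check described above, written as an added example rather than code from the security-tracker: it parses constructed samples of the data/CVE/list and data/ELA/list formats (the samples only reproduce the line kinds the check needs; the real files contain more, such as NOTE lines) and flags every referenced CVE whose entry does not mention the advisory's source package.

```python
import re
# Constructed sample in the style of the security-tracker's data/CVE/list.
CVE_LIST = """\
CVE-2022-48560 (constructed description)
\t- python3.9 <unfixed>
\t[stretch] - python3.5 <end-of-life>
CVE-2022-48564 (constructed description)
\t[stretch] - python3.5 <end-of-life>
CVE-2022-4856 (constructed description)
\tNOT-FOR-US: some unrelated project
"""

# Constructed sample in the style of data/ELA/list.
ELA_LIST = """\
[01 Jan 2024] ELA-997-1 python3.5 - security update
\t{CVE-2022-4856 CVE-2022-48560 CVE-2022-48564}
\t[stretch] - python3.5 3.5.3-1+deb9u8
"""

CVE_ID = r"CVE-\d{4}-\d{4,}"

def parse_cve_packages(text):
    """Map each CVE id to the source packages its entry mentions (NOT-FOR-US -> empty set)."""
    packages, current = {}, None
    for line in text.splitlines():
        header = re.match(rf"^({CVE_ID})", line)
        # package lines are "\t- pkg state" or "\t[suite] - pkg state"
        pkg = re.match(r"^\t(?:\[[^\]]+\] )?- (\S+)", line)
        if header:
            current = header.group(1)
            packages.setdefault(current, set())
        elif current and pkg:
            packages[current].add(pkg.group(1))
    return packages

def parse_advisories(text):
    """Return (advisory id, source package, [CVE ids]) for each list entry."""
    entries = []
    for line in text.splitlines():
        header = re.match(r"^\[[^\]]+\] (\S+) (\S+) ", line)
        if header:
            entries.append((header.group(1), header.group(2), []))
        elif entries and line.startswith("\t{"):
            entries[-1][2].extend(re.findall(CVE_ID, line))
    return entries

def find_mismatches(advisory_text, cve_text):
    """Return (advisory, package, cve) for CVEs whose entry lacks the advisory's package."""
    cve_packages = parse_cve_packages(cve_text)
    return [(adv, pkg, cve)
            for adv, pkg, cves in parse_advisories(advisory_text)
            for cve in cves if pkg not in cve_packages.get(cve, set())]
```

A package listed under any state (including end-of-life) counts as related, so only the NOT-FOR-US entry is reported for the sample; a CVE id absent from data/CVE/list altogether is reported the same way.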

Edited by Ola Lundqvist