Implement downstream data/embedded-code-copies
Hi,
For a variety of reasons, downstream (Kali/Kaisen Linux/ELTS) may require the ability to track embedded copies of code specific to downstream in order to ensure that CVEs are appropriately triaged against packages which embed vulnerable code. Currently, in the main security tracker, this information is contained in data/embedded-code-copies. Conceptually, the way that data/CVE/list (in the main security tracker) and data/CVE-EXTENDED-LTS/list (in the ELTS security tracker) interact is a good example.
I plan to add a data/config.json parameter like maincvefile in order to support this, and ln -s data/EMBEDDED-CODE-COPIES/list data/embedded-code-copies
Does this seem a reasonable plan?
Bastien