Report vulnerabilities associated with an SBOM/PURL inventory

We've developed a private script that takes an SBOM/PURL inventory as input, vets the PURLs with the VulnerableCode DB, and outputs a vulnerability report as a `.xlsx` file.  We plan to use this script as the basis for integrating this capability into [ScanCode.io](https://github.com/nexB/scancode.io).