Add caching of parsed CVE feeds during vulncheck hydration, don't save revised feeds until hydration is complete

[iansltx]

On my local, this gets us a differential vulns feed update (for this part of it) in under 90 seconds, vs. taking on the order of...40 minutes, I think? RAM usage is a few GB, but we have headroom on GitHub Actions and the performance increase is worth it.

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
• Added/updated automated tests
• A detailed QA plan exists on the associated ticket (if it isn't there, work with the product group's QA engineer to add it)
• Manual QA for all new/changed functionality

[codecov]

Codecov Report

Attention: Patch coverage is 72.72727% with 6 lines in your changes missing coverage. Please review.

Project coverage is 63.97%. Comparing base (e2152cd) to head (9569e97).

Files with missing lines	Patch %	Lines
server/vulnerabilities/nvd/sync/cve_syncer.go	72.72%	4 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #26801      +/-   ##
==========================================
- Coverage   63.99%   63.97%   -0.03%     
==========================================
  Files        1695     1695              
  Lines      161583   161643      +60     
  Branches     4300     4300              
==========================================
+ Hits       103405   103409       +4     
- Misses      50153    50206      +53     
- Partials     8025     8028       +3     

Flag	Coverage Δ
backend	64.74% <72.72%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.