cve-update-db-native: consider version suffix when update CVE db

some record from NVD can merge or split suffix from version, for
example:
  CVE-2017-15906
  "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*"
  "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*"

in such case include the suffix into version when update local CVE db.

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 13cc6819)
Signed-off-by: Steve Sakoman <steve@sakoman.com>