Update Advisory Logic to Allow Creation with Only CVE ID and Severity

[ziadhany]

We can’t create an advisory without a summary, affected packages, or references.
But what if we only have a CVE ID and a severity list, such as SUSE scores?
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

I think we should update our advisory logic to allow creating advisories in this case.

[NullPointer-cell]

@ziadhany assing me this issue