This repository has been archived by the owner on Nov 5, 2024. It is now read-only.

Improve simplified vulnerable version ranges calculation #1

Open
AMDmi3 opened this issue May 6, 2020 · 0 comments
AMDmi3 commented May 6, 2020

We can have thousands of vulnerable version ranges for a popular project, which are too slow to look up against actual versions to determine their vulnerable status. To cope with that, we simplify vulnerable ranges using a simple algorithm:

  • take largest range which doesn't have left bound (e.g. (-∞, ver))
  • remove all ranges covered by it

This reduces number of ranges by 20x, but it can be further improved by at least extending the range by closed ranges intersecting it (e.g. (-∞, 1.2] + [1.1, 1.3] = (-∞, 1.3]), or, better, fair merger of all available ranges.