Code review comment for ~eslerm/ubuntu-cve-tracker:sync-nvd

Updating documentation is not sufficient IMO - the code should be robust and define sensible default since not everyone will have updated their local configuration before using this new code. FWIW I found this since I tried testing this and it failed as I do not have a nvd2_loc defined in my ~/.ubuntu-cve-tracker.conf