Code review comment for ~pfsmorigo/ubuntu-cve-tracker:pfsmorigo/priority-reason

Paulo Flabiano Smorigo (pfsmorigo) wrote :

Thanks for the feedback. About the questions...

1. Leaving just as Reason feels vague but I'm ok to use it instead. This change also works for the package priority so, for instance, Priority-Reason_koffice would be just Reason_koffice.

2 and 3. I'm ok with both alternatives as long as we have a good way to parse it properly. Maybe parentheses like we do for package states: "Priority: low (it is not a real vulnerability)"

4. Not sure. We can always check git for the author. Not sure if it matters for the person browsing the CVE.

5. If we go with 2 and 3 suggestions, only the boilerplates that have a low/high/critical would be modified. Nowadays only one boilerplate has low (thunderbird). Now, if we make it mandatory, we would need to change all CVEs that fit the criteria.

6. check-syntax uses a function in cve_lib.py to verify the CVEs. I just added an additional check there for the priority reason.
