The current implemetation of the starboard_vulnerability API uses data
structures with some differences from the vulnerability report
schema. This change makes the two implementations more consistent.

- `location` now has the same required fields
- `vendor` has been changed to `vendor.name`