Notify when a vulnerability changes

[Mvld3r]

Current Behavior

If a vulnerability changes after it has been created (such as having its severity changed from Unassigned to Critical), it currently doesn't trigger a notification

Proposed Behavior

Create a new notification group called VULNERABILITY_CHANGED.

Such a notification should be sent when a vulnerability is changed after it has been created, at least for changes that can trigger a change in the risk score (severity, CPE, ...), and list not only that something has changed, but also what changed.

If it is decided to also send notifications for changes in the vulnerability that don't impact the risk score (eg its description), users should be able to opt out of this subset of notifications (eg, having 2 groups : VULNERABILITY_CHANGED and VULNERABILITY_RISK_CHANGED).

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this enhancement was already requested