Status: Closed
Labels: VulnTotal (Tool for cross-validating vulnerability)
Description
The OSV API isn't case-insensitive, and this particularly creates a problem for NuGet, which doesn't have any naming convention for package names.
Let's say we want to fetch vulnerabilities for moment.js.
It doesn't work when we use `moment.js` in the name parameter:
```
❯ curl -X POST -d \
'{"version": "2.18.0",
"package": {"name": "moment.js", "ecosystem": "NuGet"}}' \
"https://api.osv.dev/v1/query"
{}%
```
But it works well if we use `Moment.js` instead:
```
❯ curl -X POST -d \
'{"version": "2.18.0",
"package": {"name": "Moment.js", "ecosystem": "NuGet"}}' \
"https://api.osv.dev/v1/query"
{"vulns":[{"id":"GHSA-8hfj-j24r-96c4","summary":"Path Traversal: 'dir/../../filename' in moment.locale",
"details":"### Impact\nThis vulnerability impacts npm (server) users of moment.js,
...
```
Possible workaround:
Use the SearchQueryService provided by NuGet to get the package name with its proper case.
More on how to use the NuGet SearchQueryService.
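One way to implement the workaround above, added here as an illustration rather than code from the issue or from the project: resolve the SearchQueryService URL from the NuGet v3 service index, pick the search hit whose id matches the requested name case-insensitively (search results are fuzzy, so the first hit is not necessarily the package asked for), and only then build the OSV query. The sample index and search responses are constructed so the helpers run offline; the live `query_osv_nuget` path and the `example.invalid` URL are assumptions for illustration.

```python
import json
import urllib.parse
import urllib.request

NUGET_SERVICE_INDEX = "https://api.nuget.org/v3/index.json"
OSV_QUERY_URL = "https://api.osv.dev/v1/query"

# Constructed sample responses (not real API output) so the helpers run offline.
SAMPLE_INDEX = {"resources": [
    {"@id": "https://example.invalid/query", "@type": "SearchQueryService/3.5.0"}]}
SAMPLE_SEARCH = {"data": [{"id": "MomentJS.Extensions", "version": "1.0.0"},
                          {"id": "Moment.js", "version": "2.18.0"}]}


def search_endpoint(service_index: dict) -> str:
    """Pick the SearchQueryService URL out of a NuGet v3 service index."""
    for res in service_index.get("resources", []):
        if str(res.get("@type", "")).startswith("SearchQueryService"):
            return res["@id"]
    raise LookupError("no SearchQueryService resource in service index")


def canonical_id(search_response: dict, name: str):
    """Return the package id with NuGet's own casing, or None when no hit
    matches the requested name exactly (ignoring case)."""
    wanted = name.casefold()
    for hit in search_response.get("data", []):
        if str(hit.get("id", "")).casefold() == wanted:
            return hit["id"]
    return None


def osv_query_body(package_id: str, version: str) -> dict:
    """Build the OSV /v1/query request body for a NuGet package."""
    return {"version": version,
            "package": {"name": package_id, "ecosystem": "NuGet"}}


def fetch_json(url: str, body=None) -> dict:
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def query_osv_nuget(name: str, version: str) -> dict:
    """Live lookup: normalise the id through NuGet search, then query OSV."""
    endpoint = search_endpoint(fetch_json(NUGET_SERVICE_INDEX))
    hits = fetch_json(endpoint + "?" + urllib.parse.urlencode({"q": name, "take": 50}))
    package_id = canonical_id(hits, name)
    if package_id is None:
        raise LookupError(f"{name!r} not found on NuGet")
    return fetch_json(OSV_QUERY_URL, osv_query_body(package_id, version))
```

`query_osv_nuget("moment.js", "2.18.0")` would send the same body as the second curl call above once NuGet has reported the id as `Moment.js`.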