gnutls: add GnuProject source_provenance (un-dark the vuln scan, surfaces CVE-2025-32988)

[bryan-minimal]

What

Adds source_provenance = GnuProject "gnutls" to gnutls's build.ncl.

Why

gnutls was one of the 66 "dark" packages — no source_provenance, so the vuln scanner never queried it and reported 0/0/0. It's actually sitting on a HIGH: CVE-2025-32988 affects the pinned 3.8.9.

GnuProject "gnutls" → pkg:generic/gnu/gnutls, which resolves via the existing cpe_remap (gnu:gnutls) — so no supply-chain change is needed, the scan path (pm#193) lights up immediately.

Verified locally

• pkgmgr vulns --package gnutls → now reports CVE-2025-32988 (HIGH) (was 0/0/0).
• pkgmgr check --package gnutls → still resolves cleanly (up-to-date at 3.8.9). Note: the fix is in the unreleased 3.8.10, so there's no bump available yet — this is a track-until-fix-ships HIGH, surfaced now instead of hidden.

First of the dark-package provenance backfill from the 66-package audit (wf w4kghqujr). mesa + dnsutils follow (those also need a cpe_remap row in supply-chain).

🤖 Generated with Claude Code

[coderabbitai]

Warning

Review limit reached

@bryan-minimal, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 hour, 32 minutes, and 23 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7aa11403-77d8-483e-bb18-8de9f7add4d8

📥 Commits

Reviewing files that changed from the base of the PR and between 263ba22 and b0583ec.

📒 Files selected for processing (1)

• packages/gnutls/build.ncl

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dark-gnutls-provenance

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}