dotnet list package works with unlisted and prerelease packages

[zivkan]

Bug

Fixes: NuGet/Home#14477

Description

I assume that dotnet list package supported checking for deprecated and vulnerable packages sometime after it supported checking for outdated packages, because some of the method names were different to what they were actually doing, plus the code to get package metadata from package sources wouldn't get metadata about unlisted or prerelease packages, even if the project was using those packages. So, it was changed to always get metadata about prerelease and unlisted packages, and the outdated report was updated to filter out the unlisted packages.

There was some test infrastructure fixes as well. Since commands like dotnet add package run msbuild as a child process before running NuGet's main logic for the command, these child processes were failing because the child process was using the system installed dotnet, rather than the test dotnet, and global.json was forcing it to use a specific version of the sdk. Adding the test dotnet to the path fixed it, allowing --format json to capture and parse json, making validation less fragile from variable space issues.

Also needed to add support for vulnerability info on registration pages to the mock server.

PR Checklist

• Meaningful title, helpful description and a linked NuGet/Home issue
• Added tests
• Link to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc.

[martinrrm]

LGTM, thanks for adding the infrastructure to the tests