
fix: Ignore dpkg entries that have "deinstall" status#4231

Merged
kzantow merged 1 commit intoanchore:mainfrom
rkirk-nos:ignore_deinstall_status
Oct 23, 2025

Conversation

@rkirk-nos
Contributor

Description

Ignore dpkg entries that have "deinstall" status, indicating that the package has been removed but not purged.

When running dpkg -l, these entries typically show as rc, indicating that the package has been removed but its configuration still remains on the asset, as in the following example:

dpkg -l | grep -E "^rc"
rc  linux-image-6.14.0-1009-aws        6.14.0-1009.9~24.04.1                   amd64        Signed kernel image aws
rc  linux-image-6.14.0-1010-aws        6.14.0-1010.10~24.04.1                  amd64        Signed kernel image aws
rc  linux-image-6.8.0-1029-aws         6.8.0-1029.31                           amd64        Signed kernel image aws
rc  linux-image-6.8.0-1031-aws         6.8.0-1031.33                           amd64        Signed kernel image aws
rc  linux-modules-6.14.0-1009-aws      6.14.0-1009.9~24.04.1                   amd64        Linux kernel extra modules for version 6.14.0 on DESC
rc  linux-modules-6.14.0-1010-aws      6.14.0-1010.10~24.04.1                  amd64        Linux kernel extra modules for version 6.14.0 on DESC
rc  linux-modules-6.8.0-1029-aws       6.8.0-1029.31                           amd64        Linux kernel extra modules for version 6.8.0 on 64 bit x86 SMP
rc  linux-modules-6.8.0-1031-aws       6.8.0-1031.33                           amd64        Linux kernel extra modules for version 6.8.0 on 64 bit x86 SMP

This is frequently seen when scanning a host instance rather than a container: old kernel packages are automatically removed but not purged, so they end up in the SBOM and are assigned vulnerabilities when performing a Grype scan.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

…as been removed but not purged

Signed-off-by: Ross Kirk <ross.kirk@upwind.io>
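To make the "deinstall" case concrete, here is an added illustration (not syft's own cataloger code, and not part of the original pull request) of how a dpkg status reader can drop such entries. It parses the stanza format of /var/lib/dpkg/status, where the Status field holds three words: the desired state ("want": install, deinstall, purge, hold, unknown), a flag (ok, reinstreq), and the actual state (installed, config-files, not-installed, ...). An rc line from dpkg -l corresponds to "deinstall ok config-files". The status text below is constructed for the example; the package versions are illustrative, and the DpkgEntry type and function names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// DpkgEntry is the subset of a /var/lib/dpkg/status stanza used here.
type DpkgEntry struct {
	Package string
	Version string
	Arch    string
	Want    string // Status word 1: install, deinstall, purge, hold, unknown
	Flag    string // Status word 2: ok, reinstreq
	State   string // Status word 3: installed, config-files, not-installed, ...
}

// parseDpkgStatus reads blank-line separated "Field: value" stanzas and
// returns every entry, including packages that were removed but not purged.
// Continuation lines (leading whitespace, e.g. long Description text) are skipped.
func parseDpkgStatus(r io.Reader) ([]DpkgEntry, error) {
	var entries []DpkgEntry
	var cur DpkgEntry
	flush := func() {
		if cur.Package != "" {
			entries = append(entries, cur)
		}
		cur = DpkgEntry{}
	}
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := sc.Text()
		if strings.TrimSpace(line) == "" {
			flush() // a blank line ends the current stanza
			continue
		}
		if line[0] == ' ' || line[0] == '\t' {
			continue // continuation of a multi-line field
		}
		key, val, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("malformed status line %q", line)
		}
		val = strings.TrimSpace(val)
		switch key {
		case "Package":
			cur.Package = val
		case "Version":
			cur.Version = val
		case "Architecture":
			cur.Arch = val
		case "Status":
			f := strings.Fields(val)
			if len(f) != 3 {
				return nil, fmt.Errorf("package %q: malformed Status %q", cur.Package, val)
			}
			cur.Want, cur.Flag, cur.State = f[0], f[1], f[2]
		}
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	flush() // last stanza may not be followed by a blank line
	return entries, nil
}

// installedOnly drops entries whose desired state is "deinstall" (shown as
// "rc" by dpkg -l when only config files remain). Entries on hold keep
// Want == "hold" while still being installed, so they are retained.
func installedOnly(entries []DpkgEntry) []DpkgEntry {
	var kept []DpkgEntry
	for _, e := range entries {
		if e.Want == "deinstall" {
			continue
		}
		kept = append(kept, e)
	}
	return kept
}

// sampleStatus is a constructed status file: one installed package, one
// removed-but-not-purged kernel image, and one package on hold.
const sampleStatus = `Package: bash
Status: install ok installed
Architecture: amd64
Version: 5.2.21-2ubuntu4
Description: GNU Bourne Again SHell
 Bash is an sh-compatible command language interpreter.

Package: linux-image-6.8.0-1029-aws
Status: deinstall ok config-files
Architecture: amd64
Version: 6.8.0-1029.31
Description: Signed kernel image aws

Package: curl
Status: hold ok installed
Architecture: amd64
Version: 8.5.0-2ubuntu10.6
Description: command line tool for transferring data with URL syntax
`

func main() {
	all, err := parseDpkgStatus(strings.NewReader(sampleStatus))
	if err != nil {
		panic(err)
	}
	for _, e := range all {
		fmt.Printf("%-32s %-22s want=%-9s state=%s\n", e.Package, e.Version, e.Want, e.State)
	}
	fmt.Println("kept in SBOM:")
	for _, e := range installedOnly(all) {
		fmt.Printf("  %s %s %s\n", e.Package, e.Version, e.Arch)
	}
}
```

Filtering on the first Status word rather than on the third keeps packages in the "hold" state, which are installed and should still be scanned; only the "deinstall" want, the case this pull request targets, is dropped.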
@spiffcs spiffcs self-assigned this Sep 25, 2025
@spiffcs
Contributor

spiffcs commented Sep 25, 2025

comments from community meeting - @spiffcs will review the notes from last week's livestream where we discussed a config rule to add onto this feature, commit the config, and then add a review and get this over the line

@spiffcs
Contributor

spiffcs commented Sep 26, 2025

👋 Apologies for the delay on this one from yesterday's meeting - we're going over what this might look like for grype users when grype is updated to use whichever syft this lands in. We're getting some extra opinions on the config option vs. landing as is, since it fixes a whole bunch of FPs that otherwise people would not want. Will update and merge/contribute and review when we get a good answer on how to fit this change into grype 😄

@spiffcs
Contributor

spiffcs commented Sep 26, 2025

cc @wagoodman for Monday where we can talk about the cataloger conventions and what it looks like having 4 cataloger constructors with 2 tasks when two of them are moving to deprecated status

@spiffcs spiffcs added this to OSS Sep 30, 2025
@spiffcs spiffcs moved this to In Progress in OSS Sep 30, 2025
@kzantow kzantow assigned kzantow and unassigned spiffcs Oct 23, 2025
@kzantow kzantow force-pushed the ignore_deinstall_status branch from 51159ce to 9b60b3e on October 23, 2025 20:06
Contributor

@kzantow kzantow left a comment

We decided that this was indeed probably just a bug, and didn't need configuration, so I reverted the PR to your original change @rkirk-nos, thanks much for your contribution!

@kzantow kzantow merged commit d5ca1ad into anchore:main Oct 23, 2025
23 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in OSS Oct 23, 2025
@rkirk-nos
Contributor Author

@kzantow appreciate all the efforts to help land the change, thanks everyone!

westonsteimel added a commit to anchore/vulnerability-match-labels that referenced this pull request Feb 2, 2026
…o longer considered

Due to the following PRs in syft, some matches which were previously TPs
should now be considered FPs:

- anchore/syft#4231
- anchore/syft#4558

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
westonsteimel added a commit to anchore/vulnerability-match-labels that referenced this pull request Feb 2, 2026
…o longer considered (#179)

Due to the following PRs in syft, some matches which were previously TPs
should now be considered FPs:

- anchore/syft#4231
- anchore/syft#4558

Signed-off-by: Weston Steimel <author@code.w.steimel.me.uk>
Development

Successfully merging this pull request may close these issues.

fix dpkg packages that are in deinstalled state should not be in SBOM

3 participants