Detect and do something smart with git SHA ranges and dates

[mbauman]

Some advisories (e.g., https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-35735) use git version ranges. It'd be good to handle them in a smarter fashion, or we should at least know we shouldn't do a lexicographic compare between things-that-look-like-git-shas. Not a big deal since very few advisories (and even fewer relevant ones) do this.

Similarly, some advisories (e.g., https://nvd.nist.gov/vuln/detail/CVE-2025-8851) use date ranges.