refer to TSV, not CSV, file format
add reference links

The reference links are important; they (always?) link to patches,
which give very useful information about the nature of the
vulnerability. The reason they weren't included until now is because
a CVE entry may have multiple reference links. There are a number
of ways to handle this; a simple way, which is now implemented, is
to add a new column "reference" which contains at most one URL, and
deal with multiple URLs per CVE by replicating the row, changing only
the patch link.

This isn't the right solution in all cases, which is why the
underlying entry data structure supports multiple references. This
should allow rendering the dataset to different formats, such as
NoSQL databases, which might be useful AT SCALE.
close an HTML file as soon as possible
put variable decls on one line
add scrape script
add vulns.csv, with contributing info in readme
extract vuln and component from certain headings

Older bulletins used headings of the form

	<vuln> in <component>

, with the tables not including this information.
This patch extracts the information when the heading
has that form.
fix another bug

All columns appear to have valid values, but the table may still be
missing data.
simplify; fix regressions
remove vulns.csv
README.md: improve
fix a little bug
much improved, with room to grow
refactor; steal some ideas from wike-table-scrape
try to clean some stuff up
check in vulns.csv

The data is not entirely right because the scraper assumes a consistent
format. This CSV is being checked in so that we can compare it to the
next iteration of the scraper to ensure it is making progress.
rename notes -> README