Unverified Commit 8b1ea265 authored by nikstur's avatar nikstur Committed by GitHub

stdenv.meta: Fix erroneous CPE generation and documentation (#508061)

parents c5571857 ee0f02af
+8 −6
@@ -291,14 +291,17 @@ Some of them are as follows:
* *vendor* - can point to the source of the package, or to Nixpkgs itself
* *product* - name of the package
* *version* - version of the package
* *update* - name of the latest update, can be a patch version for semantically versioned packages
* *edition* - any additional specification about the version
* *update* - vendor-specific string part of the version string of the latest update (e.g. `rc1`, `beta`, etc...)
* *edition* - deprecated and should be set to `*`

You can find information about all of these attributes in the [official specification](https://csrc.nist.gov/projects/security-content-automation-protocol/specifications/cpe/naming) (heading 5.3.3, pages 11-13).

Any fields that don't have a value are set to either `-` if the value is not available or `*` when the field can match any value.
Any fields that don't have a value are set to either:

For example, for glibc 2.40.1 CPE would be `cpe:2.3:a:gnu:glibc:2.40:1:*:*:*:*:*:*`.
* `*` (ANY) when the field can match any value
* `-` (NA) when the value is not meaningful or not used in the description

For example, for glibc 2.40.1 CPE would be `cpe:2.3:a:gnu:glibc:2.40.1:*:*:*:*:*:*:*`.

#### `meta.identifiers.cpeParts` {#var-meta-identifiers-cpeParts}

@@ -314,14 +317,13 @@ It is up to the package author to make sure all parts are correct and match expe
Following functions help with filling out `version` and `update` fields:

* [`lib.meta.cpeFullVersionWithVendor`](#function-library-lib.meta.cpeFullVersionWithVendor)
* [`lib.meta.cpePatchVersionInUpdateWithVendor`](#function-library-lib.meta.cpePatchVersionInUpdateWithVendor)

For many packages to make CPE available it should be enough to specify only:

```nix
{
  # ...
  meta.identifiers.cpeParts = lib.meta.cpePatchVersionInUpdateWithVendor vendor version;
  meta.identifiers.cpeParts = lib.meta.cpeFullVersionWithVendor vendor version;
}
```

+0 −128
@@ -633,132 +633,4 @@ rec {
    update = "*";
  };

  /**
    Alternate version of [`lib.meta.cpePatchVersionInUpdateWithVendor`](#function-library-lib.meta.cpePatchVersionInUpdateWithVendor).
    If `cpePatchVersionInUpdateWithVendor` succeeds, returns an attribute set with `success` set to `true` and `value` set to the result.
    Otherwise, `success` is set to `false` and `error` is set to the string representation of the error.

    # Inputs

    `vendor`

    : package's vendor

    `version`

    : package's version

    # Type

    ```
    tryCPEPatchVersionInUpdateWithVendor :: String -> String -> ({ success = true; value :: { update :: String; vendor :: String; version :: String; }; } | { success = false; error :: String; })
    ```

    # Examples
    :::{.example}
    ## `lib.meta.tryCPEPatchVersionInUpdateWithVendor` usage example

    ```nix
    lib.meta.tryCPEPatchVersionInUpdateWithVendor "gnu" "1.2.3"
    => {
      success = true;
      value = {
        vendor = "gnu";
        version = "1.2";
        update = "3";
      };
    }
    ```

    :::
    :::{.example}
    ## `lib.meta.cpePatchVersionInUpdateWithVendor` error example

    ```nix
    lib.meta.tryCPEPatchVersionInUpdateWithVendor "gnu" "5.3p0"
    => {
      success = false;
      error = "version 5.3p0 doesn't match regex `([0-9]+\\.[0-9]+)\\.([0-9]+)`";
    }
    ```

    :::
  */
  tryCPEPatchVersionInUpdateWithVendor =
    vendor: version:
    let
      regex = "([0-9]+\\.[0-9]+)\\.([0-9]+)";
      # we have to call toString here in case version is an attrset with __toString attribute
      versionMatch = builtins.match regex (toString version);
    in
    if versionMatch == null then
      {
        success = false;
        error = "version ${version} doesn't match regex `${regex}`";
      }
    else
      {
        success = true;
        value = {
          inherit vendor;
          version = elemAt versionMatch 0;
          update = elemAt versionMatch 1;
        };
      };

  /**
    Generate [CPE parts](#var-meta-identifiers-cpeParts) from inputs. Copies `vendor` to the result. When `version` matches `X.Y.Z` where all parts are numerical, sets `version` and `update` fields to `X.Y` and `Z`. Throws an error if the version doesn't match the expected template.

    # Inputs

    `vendor`

    : package's vendor

    `version`

    : package's version

    # Type

    ```
    cpePatchVersionInUpdateWithVendor :: String -> String -> { update :: String; vendor :: String; version :: String; }
    ```

    # Examples
    :::{.example}
    ## `lib.meta.cpePatchVersionInUpdateWithVendor` usage example

    ```nix
    lib.meta.cpePatchVersionInUpdateWithVendor "gnu" "1.2.3"
    => {
      vendor = "gnu";
      version = "1.2";
      update = "3";
    }
    ```

    :::
    :::{.example}
    ## `lib.meta.cpePatchVersionInUpdateWithVendor` usage in derivations

    ```nix
    mkDerivation rec {
      version = "1.2.3";
      # ...
      meta = {
        # ...
        identifiers.cpeParts = lib.meta.cpePatchVersionInUpdateWithVendor "gnu" version;
      };
    }
    ```

    :::
  */
  cpePatchVersionInUpdateWithVendor =
    vendor: version:
    let
      result = tryCPEPatchVersionInUpdateWithVendor vendor version;
    in
    if result.success then result.value else throw result.error;
}
+0 −2
@@ -39,7 +39,6 @@ let
  inherit (lib.meta)
    availableOn
    cpeFullVersionWithVendor
    tryCPEPatchVersionInUpdateWithVendor
    ;

  inherit (lib.generators)
@@ -491,7 +490,6 @@ let
      success = true;
      value = cpeFullVersionWithVendor vendor version;
    })
    tryCPEPatchVersionInUpdateWithVendor
  ];

  # The meta attribute is passed in the resulting attribute set,