Migrate all advisories to V2 format (closes #228)

As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.

This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
Tony Arcieri
2020-03-01 10:42:21 -08:00
parent c54e93a581
commit 64c17acfe3
67 changed files with 325 additions and 223 deletions


@@ -6,7 +6,6 @@ url = "https://github.com/hyperium/hyper/blob/master/CHANGELOG.md#v094-2016-05-0
title = "HTTPS MitM vulnerability due to lack of hostname verification"
categories = ["crypto-failure"]
keywords = ["ssl", "mitm"]
patched_versions = [">= 0.9.4"]
references = ["RUSTSEC-2016-0001"]
description = """
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not
@@ -21,3 +20,6 @@ hostname verification.
[affected]
os = ["windows"]
[versions]
patched = [">= 0.9.4"]
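Review bot: The `[versions]` table added at the end of this file has no comment saying that it replaces `patched_versions` under `[advisory]`, so someone who meets the file without the commit message has no pointer to the format change. A comment line above the table would help, for example `# V2 format: version requirements live in [versions] (read by cargo-audit >= 0.9)`. It would also be worth confirming that pre-0.9 clients fail with a parse error rather than treating the advisory as having no patched release, since the latter would quietly misreport; that behaviour is not visible on this page. The same applies to the RUSTSEC-2017-0002 section below.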


@@ -1,7 +1,6 @@
[advisory]
id = "RUSTSEC-2017-0002"
package = "hyper"
patched_versions = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]
date = "2017-01-23"
url = "https://github.com/hyperium/hyper/wiki/Security-001"
title = "headers containing newline characters can split messages"
@@ -14,3 +13,6 @@ is if an application constructs headers based on unsanitized user input.
This issue was fixed by replacing all newline characters with a space during serialization of
a header value.
"""
[versions]
patched = [">= 0.10.2", "< 0.10.0, >= 0.9.18"]
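Review bot: The second entry in `patched`, `"< 0.10.0, >= 0.9.18"`, is easy to misread as contradicting `">= 0.10.2"` and deserves a comment now that the line sits in its own table. As written it reads as a 0.9-series backport, which leaves 0.10.0 and 0.10.1 affected; a line such as `# fixed in 0.10.2; also fixed in the 0.9 series from 0.9.18` above `patched` would say so. The hunk shows only the tail of the description, so the backport wording should be checked against the full advisory text.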