
ROX-30576: Copy repo 2 cpe to bundle root #2074

Status: Open. Wants to merge 3 commits into base: master.
Conversation

dcaravel (Contributor) commented Aug 20, 2025

Adds a copy of the repository-to-cpe.json file to the root of the diff and offline bundles to address an issue where newer Central instances are not returning repository-to-cpe.json from the bundle's rhelv2/ dir.

Testing

Verified via the PR's CI artifacts that the copy of the file exists in both locations:

$ cd offline-dump/scanner-vuln-updates/scanner-defs 
$ find . -iname "repository-to-cpe*" -exec ls -l {} \;
-rw-r--r--@ 1 dcaravel  staff  1429794 Aug 20 19:49 ./repository-to-cpe.json
-rw-r--r--@ 1 dcaravel  staff  1429794 Aug 20 19:49 ./rhelv2/repository-to-cpe.json

$ cd diff-dumps-inspect
$ find . -iname "repository-to-cpe*" -exec ls -l {} \;
-rw-r--r--@ 1 dcaravel  staff  1429794 Aug 21 01:47 ./repository-to-cpe.json
-rw-r--r--@ 1 dcaravel  staff  1429794 Aug 21 01:47 ./rhelv2/repository-to-cpe.json

Also deployed ACS in offline mode with a remote secured cluster. Uploaded the offline-dump from this PR's CI run (roxctl scanner upload-db ...) and then observed scanner successfully pulling the file.

Also sent requests directly to the Central API to verify the same:

$ curl -ksS -H "Authorization: Bearer $ROX_API_TOKEN" "https://$ROX_ENDPOINT/api/extensions/scannerdefinitions?uuid=5e26731f-a57e-454a-89af-12417096cd75&file=rhelv2/repository-to-cpe.json"

{"data":{"3scale-amp-2-for-rhel-8-ppc64le-debug-rpms":{"cpes"...

For sanity, also uploaded the live offline bundle from roxctl scanner download-db ... and observed errors in scanner logs and when hitting the API directly:

{"Event":"definition not found: https://sensor.stackrox.svc/scanner/definitions?file=rhelv2%2Frepository-to-cpe.json\u0026uuid=5e26731f-a57e-454a-89af-12417096cd75","Level":"warning","Location":"fetcher.go:45","Time":"2025-08-21 19:39:25.733634"}
curl -ksS -H "Authorization: Bearer $ROX_API_TOKEN" "https://$ROX_ENDPOINT/api/extensions/scannerdefinitions?uuid=5e26731f-a57e-454a-89af-12417096cd75&file=rhelv2/repository-to-cpe.json" -i

HTTP/2 404 
vary: Accept-Encoding
content-type: text/plain; charset=utf-8
content-length: 28
date: Thu, 21 Aug 2025 19:31:09 GMT

No scanner definitions found

Was unable to test online mode because the URL is hardcoded in Central.
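The manual `find` check from the description, turned into a repeatable script. This is an added example, not code from this PR or from the stackrox project: it assumes an extracted bundle directory laid out as shown above (a `repository-to-cpe.json` at the root and another under `rhelv2/`), verifies both copies are present and non-empty, and additionally confirms the two copies are byte-identical, which the listing above only suggests through matching sizes.

```shell
#!/bin/sh
# Added example (not part of the PR): verify that an extracted scanner-defs
# directory carries repository-to-cpe.json both at the bundle root and under
# rhelv2/, and that both copies are byte-identical.
# Assumption: "$1" is the extracted bundle directory, e.g.
#   offline-dump/scanner-vuln-updates/scanner-defs

check_repo2cpe_copies() {
    dir="$1"
    root_copy="$dir/repository-to-cpe.json"
    rhelv2_copy="$dir/rhelv2/repository-to-cpe.json"

    # Both locations must exist and be non-empty (-s fails on a 0-byte file).
    for f in "$root_copy" "$rhelv2_copy"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            return 1
        fi
    done

    # cmp -s exits non-zero when the contents differ; a stale copy at either
    # path would pass a name-only check but fail here.
    if ! cmp -s "$root_copy" "$rhelv2_copy"; then
        echo "copies differ: $root_copy vs $rhelv2_copy" >&2
        return 1
    fi

    echo "ok: both copies present and identical ($(wc -c < "$root_copy") bytes)"
    return 0
}

# Builds a constructed bundle layout in a temp directory so the check can be
# exercised without a real offline dump. The JSON content is a stand-in; the
# real file is a large repository-to-CPE map.
make_sample_bundle() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/rhelv2"
    printf '{"data":{"example-repo":{"cpes":["cpe:/o:example:os:1"]}}}\n' \
        > "$tmp/rhelv2/repository-to-cpe.json"
    cp "$tmp/rhelv2/repository-to-cpe.json" "$tmp/repository-to-cpe.json"
    echo "$tmp"
}

# Stand-alone run against the constructed layout:
#   bundle=$(make_sample_bundle); check_repo2cpe_copies "$bundle"
```

Point it at a real extracted `offline-dump/scanner-vuln-updates/scanner-defs` or `diff-dumps-inspect` directory to confirm a bundle was built with the change; a missing root copy is exactly the condition that produces the `definition not found` warning quoted below.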

@dcaravel dcaravel added generate-dumps-on-pr Generates the image based on dumps from the PR and removed do-not-merge/work-in-progress labels Aug 20, 2025
@dcaravel dcaravel marked this pull request as ready for review August 21, 2025 19:51
@dcaravel dcaravel requested a review from a team as a code owner August 21, 2025 19:51
openshift-ci bot commented Aug 21, 2025

@dcaravel: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name | Commit | Details | Required | Rerun command
ci/prow/e2e-tests | ff6c105 | link | false | /test e2e-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@stackrox stackrox deleted a comment from openshift-ci bot Aug 21, 2025