fix: Improve nghttp2 heuristics

The version number can appeaer:
- After a `nghttp2_` method name
- Before `:authority` or `:method`

Author: qmfrederik

cve_bin_tool/checkers/nghttp2.py

@@ -19,5 +19,8 @@ class Nghttp2Checker(Checker):
     VERSION_PATTERNS = [
         r"nghttp2/([0-9]+\.[0-9]+\.[0-9]+)",
         r"([0-9]+\.[0-9]+\.[0-9]+)\r?\nnghttp2[-_]",
+        r"nghttp2_[a-z_]+\r?\n([0-9]+\.[0-9]+\.[0-9]+)\r?\n",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\n:authority",
+        r"([0-9]+\.[0-9]+\.[0-9]+)\r?\n:metho",
     ]
     VENDOR_PRODUCT = [("nghttp2", "nghttp2")]

test/condensed-downloads/libnghttp2-1.64.0-1-x86_64.pkg.tar.zst.tar.gz

@@ -8,6 +8,16 @@
         "version": "1.18.1",
         "version_strings": ["1.18.1\nnghttp2-"],
     },
+    {
+        "product": "nghttp2",
+        "version": "1.64.0",
+        "version_strings": ["1.64.0\n:metho"],
+    },
+    {
+        "product": "nghttp2",
+        "version": "1.59.0",
+        "version_strings": ["1.59.0\n:authority"],
+    },
 ]
 package_test_data = [
     {
@@ -40,4 +50,17 @@
         "product": "nghttp2",
         "version": "1.41.0",
     },
+    {
+        "url": "https://mirror.msys2.org/msys/x86_64/",
+        "package_name": "libnghttp2-1.64.0-1-x86_64.pkg.tar.zst",
+        "product": "nghttp2",
+        "version": "1.64.0",
+        "other_products": ["gcc"],
+    },
+    {
+        "url": "http://security.ubuntu.com/ubuntu/pool/main/n/nghttp2/",
+        "package_name": "libnghttp2-14_1.59.0-1ubuntu0.1_amd64.deb",
+        "product": "nghttp2",
+        "version": "1.59.0",
+    },
 ]