Closed
Description
In #3969, @mastersans has added a TRIAGE.vex file. Right now it marks our false positives but doesn't give a whole lot of detail as to why these things are false positives. In most cases right now, it's detecting a library with the same name that's clearly written in another language and is not the same package, but that's not inherently obvious on a per-CVE basis.
I'd like to add some human-readable explanation to the file. I forget off the top of my head if it's comments or remarks and what part of the data structure it should go in, but there should be a way to do this.