vulnix: 1.6.3 -> 1.7

The updated version brings selective whitelisting, i.e. when some CVEs
of a package are whitelisted and others are not, only the new CVEs are
reported.

Also correct license to match upstream BSD-3-Clause and clean up source.