fix: hash vuln db only once on load

[lucasrod16]

Fixes #1502

This PR aims to improve the performance of LoadVulnerabilityDB when ValidateByHashOnGet is set to true

As described in the linked issue, GetStore and Status both hash the db. This PR changes Status to not hash the db by removing the call to c.Validate

As far as I can tell, Status is only used in a few places:

1. LoadVulnerabilityDB

   This should not be an issue since GetStore already hashes the db

   grype/grype/load_vulnerability_db.go

   Line 28 in e7ceffa

   status := dbCurator.Status()

2. runDBStatus

   I am unsure whether hashing the db is desired behavior for grype db status. If so, perhaps a new field could be added to db.Config to allow CLI and library users to configure this behavior?

   grype/cmd/grype/cli/commands/db_status.go

   Line 33 in e7ceffa

   status := dbCurator.Status()

3. Test_DifferDirectory

   This test doesn't appear to rely on the hashing behavior in Status

   grype/grype/differ/differ_test.go

   Line 41 in e7ceffa

   baseStatus := d.baseCurator.Status()

   
   

   grype/grype/differ/differ_test.go

   Line 47 in e7ceffa

   targetStatus := d.targetCurator.Status()

[lucasrod16]

Based on my local benchmark results and a sample program that calls LoadVulnerabilityDB executed with time, removing hash validation from Status reduced runtime duration by ~0.8s

go test ./grype -bench=BenchmarkLoadVulnerabilityDB -benchtime=20x

[lucasrod16]

As suggested in the linked issue, I also ran benchmarks using io.CopyBuffer and a bufio.Reader with buffer sizes ranging from 64kb - 1mb in HashFile, and there were no noticeable performance improvements.

[lucasrod16]

Hi @wagoodman,

I noticed that this pull request has been pending for a while. Is there anything needed from me? Please let me know if there are any updates required.

Thanks!

[wagoodman]

thanks for the work on this @lucasrod16 I've also attached this to a v6 schema issue to help prevent regression here