
Add clear feedback to the user when a package cannot match any vulnerabilities #1749

Open
kzantow opened this issue Mar 13, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

kzantow commented Mar 13, 2024

What would you like to be added:
Clear feedback that a package will never match anything Grype knows about.

Why is this needed:
A user can identify potential security issues in cases when Grype does not report vulnerabilities.

Additional context:
When scanning certain sources, such as openSUSE, Grype cannot match the RPM entries because there is no namespace in the database for it. As an example, if we scan with:

grype opensuse/leap:15.0 -vv

Grype does not have a namespace for openSUSE and the RPM records are effectively skipped. When running with debug logging, we see messages like this:

[0008] DEBUG no vulnerability namespaces found in grype database for distro=opensuseleap 15.0 package=perl

This is because the RPM type has a specific matcher that knows how to handle entries for specific distros, but not for this distro. It's possible the entries could be attempted by a different matcher, but in this case they aren't, and it would be good to know, with some sort of clearer message, that this package is never going to match anything, perhaps by some indication from each matcher attempted that it was skipped rather than just having 0 vulnerabilities.

@kzantow kzantow added the enhancement New feature or request label Mar 13, 2024
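As an added illustration (not part of this issue or of Grype's own code), a small Python script that produces the feedback the issue asks for from the existing debug output: it collects the "no vulnerability namespaces found" lines and reports, per distro, which packages can never match the database. The log lines are constructed from the format quoted above.

```python
import re
from collections import defaultdict

# Constructed sample of `grype <image> -vv` debug output, following the
# line format quoted in the issue; not real captured output.
SAMPLE_LOG = """\
[0008] DEBUG no vulnerability namespaces found in grype database for distro=opensuseleap 15.0 package=perl
[0008] DEBUG no vulnerability namespaces found in grype database for distro=opensuseleap 15.0 package=bash
[0008] DEBUG some unrelated debug line
[0009] DEBUG no vulnerability namespaces found in grype database for distro=opensuseleap 15.0 package=perl
"""

# The distro value may contain a space (e.g. "opensuseleap 15.0"), so match
# lazily up to the " package=" token rather than splitting on whitespace.
NO_NAMESPACE_RE = re.compile(
    r"no vulnerability namespaces found in grype database for "
    r"distro=(?P<distro>.+?) package=(?P<package>\S+)$"
)


def find_unmatchable_packages(log_text: str) -> dict[str, list[str]]:
    """Return {distro: sorted unique packages} for every package that a
    matcher skipped because the DB has no namespace for that distro."""
    skipped: dict[str, set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = NO_NAMESPACE_RE.search(line)
        if m:
            skipped[m.group("distro")].add(m.group("package"))
    return {distro: sorted(pkgs) for distro, pkgs in skipped.items()}


def summarize(skipped: dict[str, list[str]]) -> list[str]:
    """Turn the grouping into the clear, user-facing message the issue wants:
    a zero-vulnerability result for these packages is a skip, not a clean scan."""
    lines = []
    for distro, pkgs in sorted(skipped.items()):
        lines.append(
            f"WARNING: {len(pkgs)} package(s) for distro '{distro}' were skipped: "
            f"no vulnerability namespace exists in the grype database, so they "
            f"can never match ({', '.join(pkgs)})"
        )
    return lines


if __name__ == "__main__":
    for msg in summarize(find_unmatchable_packages(SAMPLE_LOG)):
        print(msg)
```

Feed it real `-vv` output with `grype <image> -vv 2>&1 | python3 script.py` after swapping `SAMPLE_LOG` for `sys.stdin.read()`.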