Convert security data api to a bugzilla api.
Turns out we have a race condition with the security data api. It only gets
updated an hour or so after the advisory ships and we get triggered. This
means that in practice, freshmaker would never trigger since it would always
come up with "unknown" for the severity on any event.
This moves the code to query bugzilla instead, which is the source of the
severity information.