github actions: validate-kernel-commits: Add --check-cves

This causes check_kernel_commits.py to check the kernel's vulns
database to ensure the CVEs referenced in the commit are correct,
check for missing CVE references, and to add CVE references
to suggested upstream bugfixes

Author: bmastbergen

.github/workflows/validate-kernel-commits.yml

@@ -38,7 +38,7 @@ jobs:
       - name: Run upstream fixes check
         id: check-kernel-commits
         run: |
-          python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown | tee result.txt
+          python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee result.txt
           # Save non-empty results for PR comment
           if grep -q -v "All referenced commits exist upstream and have no Fixes: tags." result.txt; then
             echo "has_findings=true" >> $GITHUB_OUTPUT