Severity field in statements is just for CVSS2 and not very useful

[MagielBruntink]

Consider removing the severity field from the statements as it can be confusing an inconsistent with CVSS3 scores:

Severity is fetched here:

vulnerability-producer/src/main/java/eu/fasten/vulnerabilityproducer/utils/parsers/NVDParser.java

Line 154 in f19766d

vulnerability.setSeverity(Severity.valueOf(cveItem.getImpact().getBaseMetricV2().getSeverity()));