
fix(fuzzing): correct imports in the intermediate report fuzzing harness #5257


Open
wants to merge 1 commit into
base: main

alex-ter
Contributor

@alex-ter alex-ter commented Aug 3, 2025

It's theoretically an autogenerated file, however it's checked-in anyway, plus it's unclear whether there's a protoc-level solution and investigating that would take an inordinate amount of time compared to this one-liner, given the overall fragility of the fuzzing setup.

Tested via GH actions in my fork, example of a successful run (with the fix for #5244 also applied).

Fixes #5140.

On a side note, atheris seems to be having troubles with getting maintainer time, and will fail to compile for Python 3.12+. There are also problems with Abseil (second-order dependency) building on GCC 13+, that may come up at some point too. That adds to the fragility I mentioned above.

Longer story based on the investigation notes if you're interested

This particular fuzzing script is unique among the set, as it imports one protobuf-generated module, which in turn imports another one (cve_data_pb2). All other ones are one-level only. The specific format of the import generated by protoc + some peculiarity of how the atheris.Fuzz() is running the whole process leads to two distinct invocations of the import. One works fine, because the package is well-defined, and another one fails, because it's not. The stack traces I've added are below for illustration.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
name: fuzz.generated.intermediate_report_pb2
package:fuzz.generated
  File "/home/runner/work/cve-bin-tool/cve-bin-tool/fuzz/fuzz_intermediate_report_merge.py", line 14, in <module>
    import fuzz.generated.intermediate_report_pb2 as intermediate_report_pb2
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/home/runner/work/cve-bin-tool/cve-bin-tool/fuzz/generated/intermediate_report_pb2.py", line 18, in <module>
    traceback.print_stack(file=sys.stdout)
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
name: intermediate_report_pb2
package:
  File "/home/runner/work/cve-bin-tool/cve-bin-tool/fuzz/fuzz_intermediate_report_merge.py", line 56, in <module>
    atheris.Fuzz()
  File "/opt/hostedtoolcache/Python/3.10.16/x64/lib/python3.10/site-packages/atheris_libprotobuf_mutator/helpers.py", line 56, in TestOneProtoInputImpl
    def TestOneProtoInputImpl(data: bytes):
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/home/runner/work/cve-bin-tool/cve-bin-tool/fuzz/generated/intermediate_report_pb2.py", line 18, in <module>
    traceback.print_stack(file=sys.stdout)
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
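The double import described in the comment above can be reproduced in isolation; this is an added example, not code from the pull request or from cve-bin-tool. The names `demo_pkg`, `outer_pb2` and `inner_pb2` are hypothetical stand-ins for the generated modules, and the relative import is an assumed import form chosen because it depends on `__package__`, not the form protoc emitted.

```python
import importlib
import sys
import tempfile
from pathlib import Path

# Constructed stand-ins for two generated modules (hypothetical names).
INNER = "VALUE = 1\n"
OUTER = (
    "print(f'name: {__name__} package: {__package__!r}')\n"
    "from . import inner_pb2  # assumed form: needs a known parent package\n"
)


def load_both_ways():
    """Import one file as demo_pkg.generated.outer_pb2 and as outer_pb2."""
    root = Path(tempfile.mkdtemp())
    gen = root / "demo_pkg" / "generated"
    gen.mkdir(parents=True)
    (root / "demo_pkg" / "__init__.py").write_text("")
    (gen / "__init__.py").write_text("")
    (gen / "inner_pb2.py").write_text(INNER)
    (gen / "outer_pb2.py").write_text(OUTER)

    # Both the project root and the generated directory are on sys.path,
    # so the same file is reachable under two different module names.
    paths = [str(root), str(gen)]
    sys.path[:0] = paths
    importlib.invalidate_caches()
    results = {}
    try:
        for name in ("demo_pkg.generated.outer_pb2", "outer_pb2"):
            try:
                mod = importlib.import_module(name)
                results[name] = ("ok", mod.__package__)
            except ImportError as exc:
                results[name] = ("failed", str(exc))
    finally:
        for p in paths:
            sys.path.remove(p)
        stale = [k for k in sys.modules
                 if k.split(".")[0] in ("demo_pkg", "outer_pb2", "inner_pb2")]
        for key in stale:
            del sys.modules[key]
    return results


if __name__ == "__main__":
    for name, outcome in load_both_ways().items():
        print(name, "->", outcome)
```

A harness that dies at import time never reaches the fuzz target, so a CI fuzz job should treat an `ImportError` like this as a hard failure rather than an empty run.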

It's theoretically an autogenerated file, however it's checked-in
anyway, plus it's unclear whether there's a protoc-level solution
and investigating that would take an inordinate amount of time
compared to this one-liner, given the overall fragility
of the fuzzing setup.

Fixes intel#5140.

Signed-off-by: Alex T. <[email protected]>
@alex-ter alex-ter force-pushed the alex-ter/gh5140-fuzz-fix-intermediate-report branch from 92a98f3 to 6774c02 Compare August 5, 2025 19:06
@alex-ter
Contributor Author

alex-ter commented Aug 5, 2025

Rebased onto main to fix the mypy and black check failures.

Successfully merging this pull request may close these issues.

ci: fuzz run has been manually started