The matching process does not need a lot of information as input. Today we not only accept syft JSON as input, but also require all of the data it produces to populate the data structures.

It would be ideal to create adapters for the required syft concepts in grype (such as pkg.Package) to separate the concerns of grype and syft as well as enable future efforts to provide the same minimal information necessary to grype without requiring the syft JSON format (e.g. accept cycloneDX as input).

Note: we should be excluding heavy information in the new adapter, specifically the pkg.Package.Metadata field.

This also implies eliminating the usage of syft data structures where they are not necessary (such as pkg.Catalog).

Note: we should still allow for the referencing of syft constants or enum-like variable/constants (such as pkg.Type and their static definition in syft) --it is probably not worth decoupling from theses basic value definitions.