scripts/check-kernel-fix: require both bsc and cvss for security fixes
cve2bsc DB might be out of sync. This could be annoying when dealing
with freshly coming CVE bugs where the bsc# is known and proposed
references addition miss the bug number.
Enforce both bsc and CVSS data for security bugs and allow to
provide/override the bug number by -b bsc#NUMBER parameter.