Security Data: SECDATA-1096

VEX format discrepancy for product IDs affecting RHEL 9

    • Type: Ticket
    • Resolution: Done
    • Priority: Blocker

      Why is this Task needed?

      We need to understand the VEX format for better detection of EUS vs non-subscription products.


      Description:

      There is no clear difference in VEX format for RHEL 9 and RHEL 9.6 EUS under https://access.redhat.com/errata/RHSA-2025:9978. This advisory provides updates for `sudo` on version 9 and its subscription model.


      Example:

      • Red Hat Enterprise Linux for x86_64 9
      • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6


      However, in the VEX link https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32462.json, the `product_id` values describe only `MAIN.EUS`, as shown below:

      ```
      "BaseOS-9.6.0.Z.MAIN.EUS:sudo-0:1.9.5p2-10.el9_6.1.x86_64"
      ...
      "AppStream-9.6.0.Z.MAIN.EUS:sudo-0:1.9.5p2-10.el9_6.1.x86_64"
      ```


      Issue 1:

      Since 9.6 is the current version, should a scanner assume that any remediation/fixes for `9.6.0.Z.MAIN.EUS` can be applied to BOTH regular RHEL 9 (no subscription) and a system running a RHEL 9 subscription (major.minor locked) such as EUS?


      From a parser perspective, it's not clear which behavior we need to take. For example, in a previous VEX investigation we have seen patterns like:

      ```
      BaseOS-9.4.0.Z.EUS
      BaseOS-9.4.0.Z.MAIN.EUS
      BaseOS-9.5.0.GA
      BaseOS-9.5.0.Z.MAIN
      ```


      Since EUS repositories are a restricted add-on subscription, I was wondering why there are no `9.6.0.GA` or `9.6.0.Z.MAIN` entries

      ```
      BaseOS-9.6.0.GA
      BaseOS-9.6.0.Z.MAIN
      ```

      or is `MAIN.EUS` an update for both MAIN and EUS?


      Can you please also provide a link that describes the difference between these product IDs?
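As an added example (not the ticket's own code, nor Red Hat's tooling), here is a parser that splits `product_id` strings of the shape quoted above into repository, version, stream tokens (`GA`, `Z`, `MAIN`, `EUS`) and the package NEVRA, then groups the stream variants seen per repository/version so a scanner can check mechanically whether, say, 9.6.0 carries anything besides `Z.MAIN.EUS`. The sample list is constructed from the strings in this ticket. What a `MAIN.EUS` entry means for subscribed vs unsubscribed systems is exactly the open question, so the code only surfaces the ambiguity and does not decide it.

```python
"""Split Red Hat CSAF/VEX product_id strings into their visible components.

Added example; not Red Hat's code. The mapping of stream tokens such as
MAIN.EUS to subscription channels is an assumption left undecided here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed input set, built from the product_id strings quoted in the ticket.
SAMPLE_PRODUCT_IDS = [
    "BaseOS-9.6.0.Z.MAIN.EUS:sudo-0:1.9.5p2-10.el9_6.1.x86_64",
    "AppStream-9.6.0.Z.MAIN.EUS:sudo-0:1.9.5p2-10.el9_6.1.x86_64",
    "BaseOS-9.4.0.Z.EUS",
    "BaseOS-9.4.0.Z.MAIN.EUS",
    "BaseOS-9.5.0.GA",
    "BaseOS-9.5.0.Z.MAIN",
]


@dataclass
class Nevra:
    name: str
    epoch: str
    version: str
    release: str
    arch: str


@dataclass
class ProductId:
    repository: str            # e.g. "BaseOS", "AppStream"
    version: str               # e.g. "9.6.0"
    stream: Tuple[str, ...]    # e.g. ("Z", "MAIN", "EUS") or ("GA",)
    package: Optional[Nevra]   # None for bare product entries without a package


# Leading dotted numeric version, then an optional dotted tail of stream tokens.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:\.(.+))?$")


def parse_nevra(s: str) -> Nevra:
    """Parse name-epoch:version-release.arch, working from the right because
    both the package name and the release string may themselves contain '-'."""
    head, _, arch = s.rpartition(".")
    nev, _, release = head.rpartition("-")
    if ":" in nev:
        name_epoch, _, version = nev.rpartition(":")
        name, _, epoch = name_epoch.rpartition("-")
    else:
        # rpm convention: a missing epoch is equivalent to epoch 0
        name, _, version = nev.rpartition("-")
        epoch = "0"
    if not (arch and release and version and name):
        raise ValueError(f"not a NEVRA: {s!r}")
    return Nevra(name, epoch, version, release, arch)


def parse_product_id(pid: str) -> ProductId:
    """Split '<repo>-<version>[.<stream tokens>][:<NEVRA>]' into its parts."""
    product, sep, pkg = pid.partition(":")      # first ':' separates product from NEVRA
    repository, _, rest = product.partition("-")
    m = _VERSION_RE.match(rest)
    if not repository or not m:
        raise ValueError(f"unrecognised product_id: {pid!r}")
    version, tail = m.group(1), m.group(2)
    stream = tuple(tail.split(".")) if tail else ()
    package = parse_nevra(pkg) if sep else None
    return ProductId(repository, version, stream, package)


def stream_flags(p: ProductId) -> Dict[str, bool]:
    """Report which stream markers a product_id carries. 'ambiguous_main_eus'
    is set when both MAIN and EUS appear, i.e. when the string alone does not
    tell a scanner whether the fix applies to unsubscribed RHEL, EUS, or both."""
    return {
        "ga": "GA" in p.stream,
        "z_stream": "Z" in p.stream,
        "main": "MAIN" in p.stream,
        "eus": "EUS" in p.stream,
        "ambiguous_main_eus": {"MAIN", "EUS"} <= set(p.stream),
    }


def stream_variants(pids: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Group product_ids by (repository, version) and list the stream variants
    present, which is the check behind 'why is there no 9.6.0.GA or 9.6.0.Z.MAIN'."""
    seen: Dict[Tuple[str, str], set] = {}
    for pid in pids:
        p = parse_product_id(pid)
        seen.setdefault((p.repository, p.version), set()).add(".".join(p.stream))
    return {key: sorted(variants) for key, variants in seen.items()}


if __name__ == "__main__":
    for key, variants in stream_variants(SAMPLE_PRODUCT_IDS).items():
        print(key, variants)
    print(stream_flags(parse_product_id(SAMPLE_PRODUCT_IDS[0])))
```

Running the block over the constructed sample shows `('BaseOS', '9.6.0')` with only `['Z.MAIN.EUS']`, while `('BaseOS', '9.5.0')` has `['GA', 'Z.MAIN']` and `('BaseOS', '9.4.0')` has `['Z.EUS', 'Z.MAIN.EUS']`; a scanner can use that grouping to notice when a version has no plain `GA`/`Z.MAIN` entry and treat the `MAIN.EUS` applicability as undecided until the vendor documents it.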

      Issue 2:
      Are you going to keep the same format `9.6.0.Z.MAIN.EUS` for ALL packages while 9.6 is the current version available?

      Acceptance Criteria:

      • Make clear the difference between updates that affect RHEL 9 and updates that affect RHEL 9 with a subscription
      • Provide documentation for `product_id` and its variants
      • Provide guidance for package updates while 9.6 is the current release
      • Explain what `MAIN.EUS` entries are

              Assignee: Unassigned
              Reporter: Kaio Barbosa (Inactive)
              Votes: 1
              Watchers: 8