✨ use single semver library

[azych]

There are currently two libraries being used directly in the code to deal with semver: github.com/Masterminds/semver/v3 and github.com/blang/semver/v4.
This PR tries to elimitate one of them (blang/semver), since the second library seems to be covering all use cases where blang was being used.
This has a direct impact on security as well as readability and general development, because we won't be needing to deal with different types that ultimately handle the same thing.

At this stage, this is meant to be a draft looking for opinions and any considerations which would explain why this shouldn't be done. I have not looked into masterminds NewVersion() vs StrictNewVersion() for example and if there would be a need to use the latter.

Rationale for choosing to go with mastermind's lib in this draft was that we only used two methods from blang that mm covered and used a lot more functionality of mm that blang didin't cover (or at least doesn't seem to cover).

Note: blang/semver still remains as an indirect dependency, potentially because of use in declcfg.

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	b3bf459
🔍 Latest deploy log	https://app.netlify.com/sites/olmv1/deploys/67810315f0ff730008601dc7
😎 Deploy Preview	https://deploy-preview-1565--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 66.66667% with 5 lines in your changes missing coverage. Please review.

Project coverage is 66.65%. Comparing base (fff1896) to head (b3bf459).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
catalogd/internal/version/version.go	0.00%	4 Missing ⚠️
internal/resolve/resolver.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1565      +/-   ##
==========================================
- Coverage   66.68%   66.65%   -0.04%     
==========================================
  Files          57       57              
  Lines        4584     4585       +1     
==========================================
- Hits         3057     3056       -1     
- Misses       1302     1304       +2     
  Partials      225      225              

Flag	Coverage Δ
e2e	52.72% <72.72%> (ø)
unit	53.58% <60.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[azych]

It was brought up that there are changes in how github.com/blang/semver/v4 and github.com/Masterminds/semver/v3 handles version ranges.

Because OLM v0 used github.com/blang/semver/v4, registry+v1 bundles and their authors might still rely on those specific differences in handling. This means that for as long as registry+v1 bundles are supported by OLM v1 (or we can confirm it otherwise somehow), github.com/blang/semver/v4 needs to remain alongside any other semver handling lib to ensure version ranges are handled in a compatible and expected way.
For additional context, see OLM v1 Version Ranges RFC.

I am closing this PR and will be adding comments with context to the code in a separate one.

@joelanford @bentito @thetechnick