Expand truncated git commit ids and fix typos #414

Open: progval wants to merge 1 commit into SAP:vulnerability-data from progval:fix-commit-ids

progval commented Feb 9, 2026

One truncated id (da3a703213e47d87682f6970ca2db8d05a4ada2) remains in statements/CVE-2019-10156/statement.yaml because I was not able to locate this commit.

Most of them were fixed with this Python script, with some manual fixes:

```python
import os
from pathlib import Path

import requests
import tqdm
import yaml

# Read the GitHub token from the environment rather than embedding it in the
# script (the variable name GITHUB_TOKEN is a choice made here).
HEADERS = {"Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}"}

for path in tqdm.tqdm(list(Path(".").glob("statements/*/statement.yaml"))):
    stmt = yaml.safe_load(path.read_text())
    for fix in stmt.get("fixes", []):
        for commit in fix.get("commits", []):
            # Only ids shorter than a full 40-character SHA-1 need expanding.
            if len(commit["id"]) < 40:
                if commit["repository"].startswith("https://github.com/"):
                    slug = commit["repository"].removeprefix("https://github.com/").removesuffix(".git")
                elif commit["repository"].startswith("https://git-wip-us.apache.org/"):
                    # github redirect
                    slug = commit["repository"].removeprefix("https://git-wip-us.apache.org/repos/").removesuffix(".git")
                elif commit["repository"].startswith("https://gitbox.apache.org/repos/"):
                    # github redirect
                    slug = commit["repository"].removeprefix("https://gitbox.apache.org/repos/").removesuffix(".git")
                elif commit["repository"].startswith(("http://svn.apache.org/", "https://svn.apache.org/")):
                    # subversion, not git
                    continue
                else:
                    raise ValueError(f"Unknown repo: {commit}")
                # Ask the GitHub API to resolve the short id to the full SHA.
                j = requests.get(
                    f"https://api.github.com/repos/{slug}/commits/{commit['id']}",
                    headers=HEADERS,
                    timeout=30,
                ).json()
                # A response containing "status" is treated as an error: report and skip.
                if "status" in j:
                    print(path, j)
                    continue
                path.write_text(path.read_text().replace(commit["id"], j["sha"]))
```
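
An offline check that complements the script above, as an added example that is not part of the pull request or the project's code: it flags fix-commit ids that are not full 40-hex SHA-1s and rewrites a short id only when the resolved SHA actually extends it. The `fixes`/`commits`/`id`/`repository` layout is taken from the script; the function names, `FULL` and `SAMPLE` are constructed for illustration.

```python
import re

FULL_SHA1 = re.compile(r"[0-9a-f]{40}")
HEX = re.compile(r"[0-9a-f]+")

# Constructed sample mirroring the fixes/commits layout the script reads.
FULL = "0123abc" + "d" * 33
SAMPLE = {"fixes": [{"commits": [
    {"id": "0123abc", "repository": "https://example.invalid/repo"},
    {"id": FULL, "repository": "https://example.invalid/repo"},
]}]}


def classify(commit_id: str) -> str:
    """Return 'full', 'truncated' or 'invalid' for a git commit id."""
    cid = commit_id.strip().lower()
    if FULL_SHA1.fullmatch(cid):
        return "full"
    if HEX.fullmatch(cid) and len(cid) < 40:
        return "truncated"
    return "invalid"


def truncated_commits(stmt: dict):
    """Yield (id, repository) for each fix commit that is not a full SHA-1."""
    for fix in stmt.get("fixes") or []:
        for commit in fix.get("commits") or []:
            cid = str(commit["id"])  # YAML loads an unquoted all-digit id as int
            if classify(cid) != "full":
                yield cid, commit.get("repository")


def expand_id(text: str, short: str, resolved: str) -> str:
    """Replace `short` with `resolved` in `text`, refusing unsafe rewrites."""
    if classify(resolved) != "full":
        raise ValueError(f"not a 40-hex SHA-1: {resolved!r}")
    if classify(short) != "truncated" or not resolved.lower().startswith(short.lower()):
        # A lookup that also resolves refs can return an unrelated commit.
        raise ValueError(f"{resolved} does not extend {short!r}")
    # Match the short id only as a whole hex token, so a full id sharing
    # the same prefix elsewhere in the file is left untouched.
    token = re.compile(rf"(?<![0-9a-fA-F]){re.escape(short)}(?![0-9a-fA-F])")
    return token.sub(resolved.lower(), text)


if __name__ == "__main__":
    print(list(truncated_commits(SAMPLE)))
    print(expand_id("id: 0123abc\n", "0123abc", FULL))
```
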


cla-assistant bot commented Feb 9, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.


progval commented Feb 9, 2026

I can't use the CLA app linked above, but I agree to the CLA:

Developer Certificate of Origin Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 1 Letterman Drive Suite D4700 San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or

(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.

(d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
