Follow up: align vulnerability report HTML asset references with selected graph output format

[coderabbitai]

Summary

The vulnerability report page generator currently hardcodes SVG asset references in the generated HTML, but the graph generator only writes SVG files when --svg-output is enabled.

This can produce broken image links in at least two cases:

• page generation runs without SVG graph generation
• graphs are generated with PNG output only

Rationale

The HTML template and the graph writer should stay aligned so the generated page never points to files that were not created.

Affected area

• scripts/vulnerability_report.py
  • generate_page()
  • main() / page-generation call site
  • related argument validation in check_args() if SVG must be required for page generation

Required changes

Implement one of the following approaches:

1. Require SVG output whenever page generation is requested, or
2. Pass the selected output format into the page template and reference the generated asset type consistently

Also ensure page-only runs cannot emit HTML that references missing graph files.

Acceptance criteria

• The generated HTML references files that are actually produced by the selected graph output settings
• --generate-page cannot succeed with broken graph links caused by format mismatch
• The logic between graph generation and page rendering is consistent and easy to follow

Backlinks

• Reported from PR LCORE-2631: Generate HTML page with vulnerability report #2010: LCORE-2631: Generate HTML page with vulnerability report #2010
• Review comment: LCORE-2631: Generate HTML page with vulnerability report #2010 (comment)

Requested by: @tisnik