Enable CISA KEV connector to upsert KEV flag on existing CVEs

[Copilot]

The CISA KEV connector set x_opencti_cisa_kev=true when creating Vulnerability entities, but did not persist that flag for CVEs already present in OpenCTI from other ingestion paths. This change ensures KEV tagging is applied consistently to existing Vulnerability records as well.

• Behavior change: send bundles in update mode

  • Updated the CISA KEV connector bundle submission path to use upsert semantics, so incoming Vulnerability objects with deterministic IDs can update existing entities (including x_opencti_cisa_kev) instead of only creating new ones.

• Scope

  • Single, targeted change in connector send path; no expansion of enrichment surface or relationship/model logic.

self.helper.send_stix2_bundle(
    serialized_bundle,
    work_id=work_id,
    update=True,
)