Require .cveMetadata.datePublished and .cveMetadata.dateUpdated in the schema

[zmanion]

cveMetadata should require datePublished and datePublic.

In practice these are enforced by CVE Services, with possible exception for the Secretariat "client zero."

[zmanion]

The specific errors in CVEProject/cvelistV5#66 will be resolved. I believe that today, CVE Services control these dates, so the net effect is that they are required. But still require them in the schema/documentation.

[jayjacobs]

@zmanion Is this a duplicate now of #378, could we leverage one or the other? Or maybe expand 378 to encompass this?