
feat: Add ability to read CPE identifiers from CycloneDX triage data #3990


Merged (10 commits) on Apr 8, 2024

Conversation

cinix (Contributor) commented Mar 30, 2024

This change adds functionality to extract CPE identifiers from CycloneDX triage data. These identifiers can be manually corrected if the incorrect software was identified, enabling the discovery of CVEs associated with the correct software.

codecov-commenter commented Mar 30, 2024

Codecov Report

Attention: Patch coverage is 98.46154%, with 1 line in your changes missing coverage. Please review.

Project coverage is 80.31%. Comparing base (d6cbe40) to head (5dd517f).
Report is 138 commits behind head on main.

File                                     Patch %   Lines
cve_bin_tool/sbom_manager/__init__.py    98.00%    0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3990      +/-   ##
==========================================
+ Coverage   75.41%   80.31%   +4.90%     
==========================================
  Files         808      820      +12     
  Lines       11983    12566     +583     
  Branches     1598     1706     +108     
==========================================
+ Hits         9037    10093    +1056     
+ Misses       2593     2041     -552     
- Partials      353      432      +79     
Flag            Coverage Δ
longtests       75.52% <98.46%> (+0.10%) ⬆️
win-longtests   78.38% <98.43%> (?)

Flags with carried forward coverage won't be shown.


terriko (Contributor) left a comment

Just a heads up that this has some merge conflicts. I'm probably not going to get to doing a code review today so if you have a chance to fix them before I get back to it, that would be much appreciated.

@terriko terriko added the awaiting maintainer Need a maintainer to respond / help out label Apr 3, 2024
@cinix cinix requested a review from terriko April 5, 2024 22:01
terriko (Contributor) left a comment

Okay, this looks good. I feel in my heart of hearts like there may be places in the decode functions that we could/should be doing more validation because we'll absolutely get crap data in SBOMs sometimes, but I don't see anything immediately obvious. It could also use some documentation (probably just a line saying that we support this) but in the interest of keeping things moving and getting this into the pre-release I'm hoping to have tomorrow, I'm going to go ahead and merge it as is and open a couple of issues for docs and more aggressive input validation.
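The following is an added example, not cve-bin-tool's own code and not the decode functions this PR changes. It illustrates both the feature described in the PR (reading CPE identifiers out of CycloneDX data so vendor/product/version can be triaged) and the reviewer's point about defending the decoder against malformed SBOM content: every CPE string is validated against the CPE 2.3 formatted-string layout (13 colon-separated fields, `\:` escapes honoured) or the older `cpe:/` URI layout, and anything that does not fit is dropped rather than misparsed. It assumes the identifier lives in each component's CycloneDX `cpe` property; the function names `parse_cpe` and `cpes_from_cyclonedx`, the `CpeTriage` record and the sample SBOM are all constructed for this illustration.

```python
"""Added example (not cve-bin-tool's own code): extract and validate CPE
identifiers from CycloneDX JSON components for vendor/product/version triage."""
import json
from dataclasses import dataclass
from typing import Iterator, Optional

CPE23_PREFIX = "cpe:2.3:"
CPE22_PREFIX = "cpe:/"
# Valid CPE "part" values: application, operating system, hardware.
VALID_PARTS = {"a", "o", "h"}
# Values that carry no triage information (CPE 2.3 ANY / NOT-APPLICABLE).
NO_VALUE = {"", "*", "-"}


@dataclass(frozen=True)
class CpeTriage:
    vendor: str
    product: str
    version: str  # empty when the CPE does not pin a version


def _split_unescaped(s: str, sep: str = ":") -> list[str]:
    """Split on sep while honouring backslash escapes (CPE 2.3 writes ':' as '\\:')."""
    fields, buf, i = [], [], 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            buf.append(s[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == sep:
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    fields.append("".join(buf))
    return fields


def parse_cpe(cpe: object) -> Optional[CpeTriage]:
    """Return vendor/product/version from a CPE 2.3 or 2.2 string, or None if invalid."""
    if not isinstance(cpe, str):
        return None
    cpe = cpe.strip()
    if cpe.startswith(CPE23_PREFIX):
        fields = _split_unescaped(cpe[len(CPE23_PREFIX):])
        if len(fields) != 11:  # part + 10 attributes, exactly
            return None
    elif cpe.startswith(CPE22_PREFIX):
        fields = cpe[len(CPE22_PREFIX):].split(":")
        if not 3 <= len(fields) <= 7:  # part:vendor:product[:version:update:edition:language]
            return None
        fields += [""] * (4 - len(fields))  # pad so a version slot always exists
    else:
        return None
    part, vendor, product, version = fields[0], fields[1], fields[2], fields[3]
    if part not in VALID_PARTS or vendor in NO_VALUE or product in NO_VALUE:
        return None
    version = "" if version in NO_VALUE else version
    # CPE names are matched case-insensitively; normalise to lowercase for lookups.
    return CpeTriage(vendor.lower(), product.lower(), version)


def _walk_components(components: object) -> Iterator[dict]:
    """Yield every component dict, including nested component.components entries."""
    if not isinstance(components, list):
        return
    for comp in components:
        if isinstance(comp, dict):
            yield comp
            yield from _walk_components(comp.get("components"))


def cpes_from_cyclonedx(sbom_json: str) -> list[tuple[str, CpeTriage]]:
    """Return (component name, parsed CPE) for each component with a valid 'cpe' field.

    Components without a CPE, or with one that fails validation, are skipped."""
    doc = json.loads(sbom_json)
    results = []
    for comp in _walk_components(doc.get("components") if isinstance(doc, dict) else None):
        parsed = parse_cpe(comp.get("cpe"))
        if parsed is not None:
            results.append((str(comp.get("name", "")), parsed))
    return results


# Constructed sample SBOM: two good entries plus the kinds of junk a decoder must survive.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "cpe": "cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*"},
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "cpe": "cpe:/a:openssl:openssl:1.1.1k"},
        {"type": "library", "name": "busted", "cpe": "cpe:2.3:a:broken"},  # too few fields
        {"type": "library", "name": "nocpe", "version": "1.0"},             # no cpe at all
        {"type": "application", "name": "wild",
         "cpe": "cpe:2.3:a:*:*:*:*:*:*:*:*:*:*"},                             # wildcard vendor
    ],
})

if __name__ == "__main__":
    for name, triage in cpes_from_cyclonedx(SAMPLE_SBOM):
        print(f"{name}: vendor={triage.vendor} product={triage.product} version={triage.version}")
```

A manual correction of the kind the PR description mentions then amounts to replacing the `CpeTriage` record for a component before the vendor/product pair is used for the CVE lookup; because the parser refuses wildcard vendors and short or mis-prefixed strings, such corrections start from a known-good identifier rather than from whatever happened to be in the SBOM.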

@terriko terriko merged commit 812e8de into intel:main Apr 8, 2024
@cinix cinix deleted the parse_vendor_from_cpe branch April 12, 2024 20:57