feat: support Bom.compositions

[madpah]

Adds support for bom.compositions as part of fulfilling #581.

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ -0.14%	✅ 87.16% (target: 80.00%)

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (6d1bc5b)	4472	4153	92.87%
Head commit (eda7e7b)	4580 (+108)	4247 (+94)	92.73% (-0.14%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#607)	109	95	87.16%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

_{Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more}

[jkowalleck]

❓
what is the purpose of this class?
why not use simple BomRef instances instead?

[madpah]

Think there was a structural reason - let me check @jkowalleck

[madpah]

Yes - it was added for structural reasons - happy to leave as is @jkowalleck ?

[jkowalleck]

i do not understand. what were these structural reasons?
I mean everybody ysing the library would ask the same question I did.

from the schema it looks like all these compositions.assembies and compositions.dependencies are simple sets of BomRef.
see https://github.com/CycloneDX/specification/blob/8e131b1688ccfe41e1bfdd4b3280f33dcc06d04c/schema/bom-1.6.schema.json#L2235-L2252

[jkowalleck]

@madpah ,
Could you rebase on latest master and fix the conflicts.
I had to do some style-changes(#643) to make the review easier.
Sorry for the inconvenience.