Add support for ingesting CycloneDX v1.5

Why are we doing this work

CycloneDX specification Version 1.5 has been available since 2022-06-23.

We'd like to be able to use it in our SBOMs.

Original defect report: #431406 (closed)

Cyclonedx sbom ingestion needs to be updated to support specVersion 1.5 in addition to 1.4.

Add cyclonedx 1.5 schema
- Create app/validators/json_schemas/cyclonedx/
- Move existing json schema under app/validators/json_schemas/cyclonedx/bom-1.4.schema.json
  - This should be a copy of the one on github
- Add cyclonedx spec version 1.5 under app/validators/json_schemas/cyclonedx/.
Update the parser to remove the supported_spec_version? check
- https://gitlab.com/gitlab-org/gitlab/-/blob/dfe1b9847f157cc90a05d036fdbc8130be5b3bdc/lib/gitlab/ci/parsers/sbom/cyclonedx.rb#L33
Update CyclonedxSchemaValidator to choose the correct schema added above in app/validators/json_schemas/cyclonedx/ by using report_data['specVersion']
- Return an error like CyclonedxSpecVersionUnsupported if it doesn't match 1.4 or 1.5.
- If version does exist choose the correct json schema for validation https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator.rb#L26

Edited Dec 13, 2023 by Igor Frenkel