To make it possible to generate SBOMs from Renovate data, we can create
a CLI to consume Renovate debug log, or renovate-graph exports, and then
produce an SBOM for that data.

This takes advantage of the internal handling we have in DMD for the
Renovate exports, and converts it to the underlying SPDX or CycloneDX
models.

This introduces:

- The scaffolding for the CLI
- The ability to convert Renovate's `PackageManager`/`Datasource`
  combination to a Package URL via the new `PurlTypeDeriver` type
- Support for the latest SPDX and CycloneDX specs (with JSON output)
- The ability to add new formats

Closes #55.