Convert a SPDX purl externalReference into the item level purl field

Signed-off-by: David Leadbeater <dgl@dgl.cx>

Author: dgl

src/CycloneDX.Spdx.Interop/Converters/v2_3/Helpers/Component/ExternalRefs.cs

@@ -143,6 +143,11 @@ public static void AddSpdxExternalRefs(this Component component, List<ExternalRe
                             refPropValue = $"{extRef.ReferenceLocator} {extRef.Comment}";
                         }
                         component.Properties.AddSpdxElement(refPropName, refPropValue);
+
+                        if (refPropName == PropertyTaxonomy.EXTERNAL_REFERENCE_PACKAGE_MANAGER_PURL)
+                        {
+                            component.Purl = refPropValue;
+                        }
                     }
                 }
             }

tests/CycloneDX.Spdx.Interop.Tests/Resources/Spdx/v2.3/document.json

@@ -186,6 +186,7 @@
       "licenseDeclared": "NOASSERTION",
       "name": "Jena",
       "primaryPackagePurpose": "APPLICATION",
+      "purl": "pkg:maven/org.apache.jena/apache-jena@3.12.0",
       "versionInfo": "3.12.0"
     },
     {

tests/CycloneDX.Spdx.Interop.Tests/__snapshots__/ConverterTests.FromSpdxToCDXTest_v2.2document.snap

@@ -268,6 +268,7 @@
       "name": "Jena",
       "version": "3.12.0",
       "copyright": "NOASSERTION",
+      "purl": "pkg:maven/org.apache.jena/apache-jena@3.12.0",
       "externalReferences": [
         {
           "url": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",

tests/CycloneDX.Spdx.Interop.Tests/__snapshots__/ConverterTests.FromSpdxToCDXTest_v2.3document.snap

@@ -280,6 +280,7 @@
       "name": "Jena",
       "version": "3.12.0",
       "copyright": "NOASSERTION",
+      "purl": "pkg:maven/org.apache.jena/apache-jena@3.12.0",
       "externalReferences": [
         {
           "url": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",