Add validator for CycloneDX SBOM files with Freshli specific extensions

[mscottford]

It's important to have a way to validate that the extension values in the CycloneDX SBOM file are logically consistent.

• Make sure that the metadata from is included.
  • Reference Store analysis metadata in the CycloneDX SBOM #541.
• Make sure that each Component purl in the file has a corresponding freshli:libyear:* property.
  • Reference Store LibYear information in CycloneDX SBOM #542.
• Make sure that each purl that appears in a freshli:release:* property also appears as a Component in the file.
  • Reference Store package release history in CycloneDX SBOM files #540.
• Make sure that each purl in the freshli:libyear:* properties that has a non-blank value also has at least one corresponding freshli:release:* property.
  • Reference Store LibYear information in CycloneDX SBOM #542 and Store package release history in CycloneDX SBOM files #540.
• Make sure that each Component in the file has a freshli:category property.
  • Reference Categorize dependencies #539.