Capycli

Latest version: v2.7.0

Page 1 of 7

2.7.0

* fix for `bom findsources` for some JavaScript SBOMs.
* `bom show` command also lists purl and source code download url in verbose mode.
If one of the values is missing and `--forceerror` has been specified, error code 97 is returned.
* `bom show` command also lists license information in verbose mode, but
only for CycloneDX 1.6 and later.
* `bom validate` now also uses `-v` and `--forceerror` and uses the same `bom show` functionality
to check for missing purl or source code url.
* until version 2.6.0, `project create` always set the Project Mainline State of a project release either
to SPECIFIC or to the value given by `-pms`. Now **existing** Project Mainline States are kept.
* `project create` has a new parameter `--copy_from` which allows you to first create a copy of the given
project and then update the releases based on the contents of the given SBOM.
* fix for `bom map` losing SBOM items when it tries to map to invalid SW360 releases.
* fix issue with setting external references (in `bom granularity`).

2.6.0

* `bom merge` improved: the dependencies are reconstructed, i.e. all dependencies
that existed in the SBOMs before the merge should also exist after the merge.
* `bom convert` improved: we can now convert from and to CycloneDX XML.
* new command `bom validate` to do a simple validation whether a given SBOM
complies with the CycloneDX spec version 1.4, 1.5 or 1.6.
* `bom findsources`: programming language can be `golang` or `go`.
* support for the new CycloneDX 1.6 external reference type `source-distribution`
when trying to find the source code for a component.
* Dependency updates.

2.6.0.dev1

* make `findsources` more resilient against SW360 issues.
* `project createbom` now stores multiple purls in the property "purl_list" instead of
trying to encode them in a strange way in the "purl" field.
* support CycloneDX 1.6 and Siemens Standard BOM 3.
* `bom createcomponents`: attachment upload is now more robust to prevent .git files being uploaded.
* granularity list extended.
* dependency updates.
* `getdependencies python` can now detect and ignore dev dependencies also for new versions
of the `poetry.lock` file. This is done by also using the information in the `pyproject.toml` file.
* add documentation for SBOM filtering.
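A check of the kind the `bom show` / `bom validate` notes describe (missing purl or source code download url, exit code 97 under `--forceerror`), which also reads the `purl_list` property from the 2.6.0.dev1 notes and accepts the CycloneDX 1.6 `source-distribution` reference type, as an added Python example that is not CaPyCLI's own code; the comma-separated encoding of `purl_list`, the sample SBOM and all function names are assumptions:

```python
"""Flag CycloneDX JSON components lacking a purl or a source download URL.
Added example, not CaPyCLI code; purl_list encoding and sample SBOM are assumed."""
import json
import sys

MISSING_VALUE_EXIT_CODE = 97  # returned under --forceerror when a value is missing
# External reference types that can carry source code; the second exists since 1.6.
SOURCE_REF_TYPES = {"distribution", "source-distribution"}

def component_purls(component):
    """All purls of a component: `purl` plus entries of the `purl_list` property."""
    purls = [component["purl"]] if component.get("purl") else []
    for prop in component.get("properties", []):
        if prop.get("name") == "purl_list" and prop.get("value"):
            purls += [p.strip() for p in prop["value"].split(",") if p.strip()]
    return purls

def source_urls(component):
    """URLs of external references whose type can point at source code."""
    return [ref["url"] for ref in component.get("externalReferences", [])
            if ref.get("type") in SOURCE_REF_TYPES and ref.get("url")]

def find_missing(sbom):
    """Return (name@version, missing item) for every incomplete component."""
    missing = []
    for comp in sbom.get("components", []):
        ident = f"{comp.get('name')}@{comp.get('version')}"
        if not component_purls(comp):
            missing.append((ident, "purl"))
        if not source_urls(comp):
            missing.append((ident, "source url"))
    return missing

def check(sbom, force_error=False):
    """Print the gaps; exit code 97 only when gaps exist and force_error is set."""
    missing = find_missing(sbom)
    for ident, what in missing:
        print(f"{ident}: missing {what}")
    return MISSING_VALUE_EXIT_CODE if missing and force_error else 0

# Constructed sample: one complete component, one with neither purl nor source.
SAMPLE_SBOM = json.loads('''{"bomFormat": "CycloneDX", "specVersion": "1.6",
 "components": [
  {"name": "certifi", "version": "2024.7.4", "purl": "pkg:pypi/certifi@2024.7.4",
   "externalReferences": [{"type": "source-distribution",
     "url": "https://example.invalid/certifi-2024.7.4.tar.gz"}]},
  {"name": "left-pad", "version": "1.3.0", "properties": [{"name": "purl_list", "value": ""}]}]}''')

if __name__ == "__main__":
    sys.exit(check(SAMPLE_SBOM, force_error="--forceerror" in sys.argv))
```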

2.5.1

* fix: urls coming from granularity file are repository urls and not source code
download urls.
* fix a wrong variable so that `bom findsources` works correctly.
* fix loading of SBOMs that support different kinds of licenses.
* run unit tests also for Python 3.12 and 3.13.

2.5.0

* Fixed an error when creating an SBOM from a project on SW360 when this project
contains a component with more than one package-url.
* Fixed an issue when getting invalid package-urls.
* New flag `-pms` or `--project-mainline-state` to specify which project mainline state
should be used for releases of a new project created by `project create`.
* Dependency updates.

2.4.0

* CaPyCLI is more resilient when accessing SW360.
* Dependency updates:
  * idna 3.6 -> 3.7 to fix a security vulnerability
  * sw360 1.4.1 -> 1.5.0 to have an improved session handling for all api requests.

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.