Capycli

Latest version: v2.5.1



Page 2 of 7

2.2.0

Not secure
* `getdependencies javascript` can now handle package-lock.json files of lockfileVersion 3.
* `bom findsources` can now discover source URLs via SW360 lookup, perform an extensive
  GitLab deep search, and adapt its search strategy to the programming language of the component.
* Add type hint support.
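
An added example (not CaPyCLI's own code) of what handling the v3 lock file layout involves: lockfileVersion 1 nests installed packages under `dependencies`, while versions 2 and 3 key every installed package by its `node_modules` path under `packages`, with the root project at `""`, workspace members linked via `"link": true`, and `dev` marking development-only entries. The two lock files and the `sha512-PLACEHOLDER` integrity values below are constructed samples, not real registry data.

```python
"""Added example (not CaPyCLI's own code): derive Package URLs (purls) from an
npm package-lock.json of lockfileVersion 1, 2 or 3.

Assumptions (not from the CaPyCLI changelog): both lock files below are
constructed samples and the "integrity" values are placeholders.
"""
import json
from urllib.parse import quote

# Constructed sample, lockfileVersion 3: the root project is the "" key of
# "packages"; every installed package is keyed by its node_modules path.
SAMPLE_LOCK_V3 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0",
             "dependencies": {"lodash": "^4.17.21"},
             "devDependencies": {"jest": "^29.0.0"}},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/jest": {"version": "29.7.0", "dev": True,
                              "resolved": "https://registry.npmjs.org/jest/-/jest-29.7.0.tgz"},
        "node_modules/@babel/core": {"version": "7.24.0", "dev": True,
                                     "integrity": "sha512-PLACEHOLDER"},
        # nested install: the package name is the part after the last "node_modules/"
        "node_modules/jest/node_modules/chalk": {"version": "4.1.2", "dev": True},
        # workspace member linked into node_modules: not a third-party package
        "node_modules/shared-lib": {"resolved": "packages/shared-lib", "link": True},
        "packages/shared-lib": {"name": "shared-lib", "version": "0.0.1"},
    },
})

# Constructed sample, lockfileVersion 1: nested "dependencies" trees, no "packages".
SAMPLE_LOCK_V1 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 1,
    "dependencies": {
        "lodash": {"version": "4.17.21", "integrity": "sha512-PLACEHOLDER"},
        "jest": {"version": "29.7.0", "dev": True,
                 "dependencies": {"chalk": {"version": "4.1.2", "dev": True}}},
    },
})


def npm_purl(name, version):
    """purl spec for npm: the scope's "@" is percent-encoded, the "/" is kept."""
    return f"pkg:npm/{quote(name, safe='/')}@{version}"


def _record(found, name, meta):
    purl = npm_purl(name, meta["version"])
    found.setdefault(purl, {"resolved": meta.get("resolved"),
                            "integrity": meta.get("integrity")})


def _walk_v1(deps, include_dev, found):
    for name, meta in deps.items():
        if include_dev or not meta.get("dev"):
            _record(found, name, meta)
        _walk_v1(meta.get("dependencies", {}), include_dev, found)


def parse_lock(text, include_dev=False):
    """Return {purl: {"resolved": ..., "integrity": ...}} for installed packages."""
    lock = json.loads(text)
    version = lock.get("lockfileVersion", 1)
    if version not in (1, 2, 3):
        raise ValueError(f"unsupported lockfileVersion {version}")
    found = {}
    if version >= 2:  # v2 carries both layouts; "packages" is the authoritative one
        for path, meta in lock.get("packages", {}).items():
            if path == "" or meta.get("link") or "node_modules/" not in path:
                continue  # root project, symlink, or workspace member
            if meta.get("dev") and not include_dev:
                continue
            # "name" is only present for aliased packages; otherwise derive it from the path
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            _record(found, name, meta)
    else:
        _walk_v1(lock.get("dependencies", {}), include_dev, found)
    return found


def to_purls(text, include_dev=False):
    return sorted(parse_lock(text, include_dev))


def without_integrity(text, include_dev=False):
    """Entries whose tarball cannot be checked against a recorded SRI digest."""
    return sorted(p for p, m in parse_lock(text, include_dev).items() if not m["integrity"])


if __name__ == "__main__":
    for label, sample in (("v3", SAMPLE_LOCK_V3), ("v1", SAMPLE_LOCK_V1)):
        print(label, "runtime:", to_purls(sample))
        print(label, "with dev:", to_purls(sample, include_dev=True))
        print(label, "no integrity:", without_integrity(sample, include_dev=True))
```

The `without_integrity` check is the supply-chain caveat worth keeping next to any lock-file importer: an entry without an `integrity` field gives you a purl but no way to confirm that the tarball actually installed matches what the registry served.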

2.1.0

Not secure
* Be more resilient about missing metadata in CycloneDX SBOMs.
* The `-o` parameter of the command `project GetLicenseInfo` is now optional,
  but you still need this output when you want to create a Readme.
* `project createbom` adds purls, source and repository URLs from SW360 if available.
  If multiple purls are found, a warning is printed asking the user to edit the SBOM manually.
* `project createbom` adds SW360 source and binary attachments as external references to the SBOM.
* `project createbom` adds the SW360 project name, version and description to the SBOM.
* `bom granularity` can now read custom granularity data from local files and remote URLs.
* Update dependencies; unfortunately vcrpy does not support urllib3 >= 2, and the new vcrpy version
  causes unit test issues.

2.0.0

Not secure
* Update the granularity list.
* Re-enable support for Python 3.8 and 3.9.
* A list of frequently asked questions has been added.
* `getdependencies python` now also accepts a Poetry lock file (must be `poetry.lock`) as input.
  Development dependencies are automatically excluded.
* [Code of conduct](CODE_OF_CONDUCT.md) added.
* Warnings about multiple purl entries when running `bom map` are now only shown if `-v` has been specified.
* Breaking change:
  * `bom map` reports matches by name with a different version **only** if `-all` has been specified.
    The original idea of CaPyCLI was to report as many potential matches as possible and to let the user
    decide which match to take by editing the SBOM. But it seems that many users did not read the documentation
    and had different expectations. Therefore the default behavior has been changed.
    The original behavior of versions prior to 2.x can be enabled via the `-all` switch.
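
An added example (not CaPyCLI's own code) of the dev-dependency exclusion that a `poetry.lock` importer has to do. Poetry before 1.5 wrote a per-package `category = "main"` / `"dev"` field into the lock file; newer lock files dropped it, so the runtime set has to be computed from the main dependency section of `pyproject.toml` and the `[package.dependencies]` tables in the lock. Both input files below are constructed samples; the example needs Python 3.11 (`tomllib`) or the `tomli` backport, and deliberately treats only `[tool.poetry.dependencies]` as runtime, so any other dependency group is excluded along with `dev`.

```python
"""Added example (not CaPyCLI's own code): list the non-development packages of
a Poetry project from pyproject.toml plus poetry.lock and emit PyPI purls.

Assumptions (not from the changelog): the TOML documents below are constructed
samples. Needs Python 3.11 (tomllib) or the tomli backport.
"""
import re
try:
    import tomllib
except ModuleNotFoundError:  # Python < 3.11
    import tomli as tomllib

# Constructed pyproject.toml: one runtime dependency, one dev-group dependency.
PYPROJECT = """
[tool.poetry.dependencies]
python = "^3.11"
requests = "^2.31"

[tool.poetry.group.dev.dependencies]
pytest = "^8.0"
"""

# Constructed poetry.lock in the Poetry >= 1.5 layout (no "category" field).
POETRY_LOCK = """
[[package]]
name = "certifi"
version = "2024.2.2"

[[package]]
name = "iniconfig"
version = "2.0.0"

[[package]]
name = "pluggy"
version = "1.4.0"

[[package]]
name = "pytest"
version = "8.1.1"

[package.dependencies]
iniconfig = "*"
pluggy = ">=1.4,<2.0"

[[package]]
name = "requests"
version = "2.31.0"

[package.dependencies]
certifi = ">=2017.4.17"
urllib3 = {version = ">=1.21.1,<3", markers = 'python_version >= "3.8"'}
PySocks = {version = ">=1.5.6", optional = true}

[[package]]
name = "urllib3"
version = "2.2.1"
"""

# Constructed poetry.lock in the Poetry < 1.5 layout, where "category" is authoritative.
LEGACY_LOCK = """
[[package]]
name = "requests"
version = "2.31.0"
category = "main"

[[package]]
name = "pytest"
version = "7.4.0"
category = "dev"
"""


def normalize(name):
    """PEP 503 name normalisation, which the purl pypi type also expects."""
    return re.sub(r"[-_.]+", "-", name).lower()


def pypi_purl(name, version):
    return f"pkg:pypi/{normalize(name)}@{version}"


def main_packages(pyproject_text, lock_text):
    """Return {normalized name: version} for packages needed at runtime."""
    lock = tomllib.loads(lock_text)
    packages = {normalize(p["name"]): p for p in lock.get("package", [])}
    if packages and all("category" in p for p in packages.values()):
        # Old layout: the lock file itself says which packages are dev-only.
        return {n: p["version"] for n, p in packages.items() if p["category"] == "main"}
    # New layout: walk the graph from the main dependencies; dev groups are never entered.
    poetry = tomllib.loads(pyproject_text)["tool"]["poetry"]
    todo = [normalize(n) for n in poetry.get("dependencies", {}) if n.lower() != "python"]
    result = {}
    while todo:
        name = todo.pop()
        if name in result:
            continue
        pkg = packages.get(name)
        if pkg is None:
            raise ValueError(f"{name} is required by pyproject.toml but missing from poetry.lock")
        result[name] = pkg["version"]
        for dep, spec in pkg.get("dependencies", {}).items():
            if isinstance(spec, dict) and spec.get("optional"):
                continue  # belongs to an extra; only installed when that extra is requested
            todo.append(normalize(dep))
    return result


def to_purls(pyproject_text, lock_text):
    return sorted(pypi_purl(n, v) for n, v in main_packages(pyproject_text, lock_text).items())


if __name__ == "__main__":
    print(to_purls(PYPROJECT, POETRY_LOCK))
    print(to_purls(PYPROJECT, LEGACY_LOCK))
```

The graph walk raises rather than silently skipping when a root dependency is missing from the lock, because a lock file that disagrees with `pyproject.toml` is exactly the case where an SBOM would otherwise under-report.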

2.0.0.dev

* Breaking changes:
  * New command `bom convert` to import and export SBOMs in multiple formats.
    This command replaces `bom fromCSV`, `bom FromFlatList`, `bom FromSbom`,
    `bom ToHtml` and `bom ToSbom`.
  * `bom sort` is discontinued; CycloneDX SBOMs are always sorted by component name.
  * The option `-source` of `GetDependencies python` is discontinued, please use
    `bom downloadsources` instead.
  * `project show` writes the output file only as plain JSON, not as CycloneDX.
  * `project CreateReadme` requires new entries in `readme_oss_config.json` to be independent
    of the name Siemens:
    * `CompanyName`
    * `CompanyAddressN`, N = 1..4
  * `bom map` now uses alphanumeric identifiers for mapping results instead of integer values:
    * INVALID: `0-invalid` instead of 0
    * FULL_MATCH_BY_ID: `1-full-match-by-id` instead of 1
    * FULL_MATCH_BY_HASH: `2-full-match-by-hash` instead of 2
    * FULL_MATCH_BY_NAME_AND_VERSION: `3-full-match-by-name-and-version` instead of 3
    * MATCH_BY_FILENAME: `4-good-match-by-filename` instead of 4
    * MATCH_BY_NAME: `5-candidate-match-by-name` instead of 5
    * SIMILAR_COMPONENT_FOUND: `6-candidate-match-similar-component` instead of 6
    * NO_MATCH: `9-no-match` instead of 100
  * `bom map` now uses alphanumeric identifiers for map modes (`-m`) instead of integer values:
    * `all` instead of 0
    * `found` instead of 1
    * `notfound` instead of 2
  * Dropped support for the option `-stage`. The SW360 server instance can be specified via the `-url` parameter.
  * The hard-coded address https://sw360.siemens.com has been removed.
    CaPyCLI reads the SW360 server address either from the environment variable `SW360ServerUrl` or
    via the `-url` parameter.
* CaPyCLI supports an optional config file `.capycli.cfg`. Settings defined in the config file
  supersede settings in environment variables. Command line parameters supersede config file settings.
* The cache functionality of `bom map` also supports the staging system.
* `project GetLicenseInfo` can take over data from existing Readme_OSS config files.

1.9.1

* The purl cache only retrieves package URLs from SW360 with the types used in the
  BOM, to reduce the number of warnings for inconsistent SW360 entries.
* Use the CycloneDX BOM syntax from https://sbom.siemens.io/v2/format.html for
  source URLs (`"comment": "source archive (download location)"` in `externalReferences`).
* Support SHA-1 hashes in CycloneDX `externalReferences`/`hashes`.
* All commands now have proper result/exit codes, see [Exit Codes](Exit_Codes.md).
* `project GetLicenseInfo` can now add **all** available CLI files to the readme configuration file
  if the `-all` option is used. A warning is displayed if there are multiple CLI
  files for the same component.
  `project CreateReadme` puts the contents of all CLI files into the Readme_OSS, but also
  displays a warning when there are multiple CLI files for the same component.
* The use of "id" to identify a release has been deprecated; only "Sw360id" is used now.
* `bom check` and `bom checkitemstatus` now also process BOM items without an Sw360id. In this case
  they search SW360 by name and version, which takes much more time.
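
An added example (not CaPyCLI's own code) of the source-URL and hash entries described above: the `externalReferences` element carries the download location with the comment `source archive (download location)`, and a `hashes` list lets a consumer check a downloaded archive against the recorded digest. The archive bytes, the component and its URL are constructed; using `"type": "distribution"` for the reference is the editor's assumption about the sbom.siemens.io convention.

```python
"""Added example (not CaPyCLI's own code): write the source-archive reference
that the sbom.siemens.io v2 format stores in a CycloneDX component's
externalReferences, locate it again, and verify a downloaded archive against
the recorded digest(s).

Assumptions (not from the changelog): ARCHIVE, the component and its URL are
constructed; "type": "distribution" is the editor's choice for the reference.
"""
import hashlib
import json

SOURCE_COMMENT = "source archive (download location)"
ARCHIVE = b"constructed stand-in for a source tarball\n"  # not a real archive

# CycloneDX "alg" names mapped to hashlib constructors.
_ALGS = {"SHA-1": hashlib.sha1, "SHA-256": hashlib.sha256,
         "SHA-512": hashlib.sha512, "MD5": hashlib.md5}


def source_reference(url, archive, algs=("SHA-1",)):
    """externalReferences entry for a source archive with one hash per algorithm."""
    return {
        "type": "distribution",
        "url": url,
        "comment": SOURCE_COMMENT,
        "hashes": [{"alg": a, "content": _ALGS[a](archive).hexdigest()} for a in algs],
    }


def make_component(name, version, purl, source_url, archive, algs=("SHA-1",)):
    return {"type": "library", "name": name, "version": version, "purl": purl,
            "externalReferences": [source_reference(source_url, archive, algs)]}


def find_source_url(component):
    """The download location, or None when the component carries no source reference."""
    for ref in component.get("externalReferences", []):
        if ref.get("comment") == SOURCE_COMMENT:
            return ref.get("url")
    return None


def verify_source(component, archive):
    """'ok' when every recorded digest matches the archive, 'mismatch' when one
    differs, 'unverifiable' when there is no source reference or no usable hash."""
    for ref in component.get("externalReferences", []):
        if ref.get("comment") != SOURCE_COMMENT:
            continue
        checked = 0
        for h in ref.get("hashes") or []:
            fn = _ALGS.get(h.get("alg"))
            if fn is None:
                continue  # unknown algorithm: neither confirms nor refutes
            checked += 1
            if fn(archive).hexdigest() != str(h.get("content", "")).lower():
                return "mismatch"
        return "ok" if checked else "unverifiable"
    return "unverifiable"


# Constructed component with both a SHA-1 and a SHA-256 digest of ARCHIVE.
COMPONENT = make_component("demo", "1.0.0", "pkg:pypi/demo@1.0.0",
                           "https://example.com/src/demo-1.0.0.tar.gz",
                           ARCHIVE, algs=("SHA-1", "SHA-256"))

if __name__ == "__main__":
    bom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [COMPONENT]}
    print(json.dumps(bom, indent=2))
    print(find_source_url(COMPONENT), verify_source(COMPONENT, ARCHIVE),
          verify_source(COMPONENT, ARCHIVE + b"tampered"))
```

SHA-1 is no longer collision-resistant, so treat a matching SHA-1 as proof that you fetched the same file SW360 recorded, not as protection against a deliberately crafted substitute; CycloneDX allows several `hashes` entries, and the verifier above checks every algorithm it knows, so recording a SHA-256 alongside the SHA-1 costs nothing and closes that gap.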

1.9.0

* Drop support for Python 3.6 and 3.7 due to dependency updates and the new
  OSS version of cli, called cli-support.
* Use sw360 version 1.2.1, with minimal logging support.
* Add direct help for `project licenses`, `project createreadme`,
  `project createbom`, and `project GetLicenseInfo`.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.