Capycli

Latest version: v2.7.0


Page 3 of 7

1.9.1

* Purl cache will only retrieve package URLs from SW360 with the types used in
BOM to reduce the number of warnings for inconsistent SW360 entries.
* Use CycloneDX BOM syntax from https://sbom.siemens.io/v2/format.html for
source URLs ("comment": "source archive (download location)" in `externalReferences`).
* Support CycloneDX externalReferences/hashes for SHA-1 hash.
* All commands now have proper result/exit codes, see [Exit Codes](Exit_Codes.md).
* `project GetLicenseInfo` can now add **all** available CLI files to the readme configuration file
if the `-all` option is being used. A warning will be displayed if there are multiple CLI
files for the same component.
`project CreateReadme` will put all contents of all CLI files in the Readme_OSS, but will also
display a warning when there are multiple CLI files for the same component.
* The use of "id" to identify a release has been deprecated; we now only use "Sw360id".
* `bom check` and `bom checkitemstatus` now also process BOM items without Sw360id. In this case
they will search SW360 by name and version ... which takes much more time.

1.9.0

* Drop support for Python 3.6 and 3.7 due to dependency updates and the new
OSS version of cli, called cli-support.
* Use sw360, version 1.2.1, with minimal logging support.
* Have direct help support for `project licenses`, `project createreadme`,
`project createbom`, and `project GetLicenseInfo`.

1.8.3

* `bom map` is now more resilient about errors during the mapping of a single BOM item.
* `bom map` has a new parameter `mode`. If mode is not set, then there is the default mapping.
If `mode` = 1, then the resulting BOM contains only components where a full match was found.
If `mode` = 2, then the resulting BOM contains only components where no match was found.
* `getdependencies python` and `project prerequisites` now support CycloneDX SBOM.
* `bom filter` `add` command can now add properties to existing BOM items.
* `bom downloadsources` handles quotes in filenames returned by content-disposition.
* `bom downloadsources` can now write an updated BOM including SHA1 hashes.
* In CycloneDX SBOMs, the URL to source files will now be stored and read to/from
`externalReferences` of type `distribution` (with special comment "source URL") in
addition to our custom `source-file-url` property.
* Fix command `project show`, which caused an exception if some of the mandatory data was missing.
* `--dbx` (Debian relaxed version handling) in `bom create...` improved: First, it will check
for exact matches now. When falling back to relaxed matching, Debian epoch strings are
ignored, while Debian revisions are always considered. Output BOM will have SW360 versions.
* `bom create*` will set package-urls for existing and new components.
* Key error issue fixed in maven_pom.py.
* All commands now show the version number, i.e. something like `CaPyCli, 1.8.3`.

1.8.2

* Fix in CycloneDX reading of JavaScript or Java components that have a `group` property.
* New command `project ecc` to show the project export control details.
* Fix: when `bom granularity` reads a BOM in CycloneDX format, it now also writes the BOM in
CycloneDX format.

1.8.1

* Fixed bug in `getdependencies javascript` when not all meta information for a package could be retrieved.
* `bom downloadsources` now also supports option `-cx` for the CycloneDX SBOM format.
* CycloneDX JSON BOMs are expected in UTF-8 encoding.
* `bom map` now has a much faster way to create/update the cache. Due to the new SW360 REST API
endpoint to get all releases with one call it now takes only 1.3 minutes.
* `project vulnerabilities` is working again. It seems that there was a breaking change in the REST API
response.

1.8.0

* Fix bug in `bom findsources` when using CycloneDX BOM files.
* Improved help support.
* When no command has been specified, the global help will be shown.
* When no sub-command has been specified, the respective command help will be shown.
* `project vulnerabilities` uses only the information from SW360 to display security vulnerabilities
and can exit with exit code 1 when a not yet handled security vulnerability of a certain
minimum priority has been found.
