Capycli

Latest version: v2.5.1

Safety actively analyzes 682387 Python packages for vulnerabilities to keep your Python projects secure.

Page 5 of 7

1.1.0

* `bom fromsbom` now also supports JSON CycloneDX SBOMs.
* `bom fromsbom` also extracts `ProjectSite` and `RepositoryUrl` from SBOMs.
* missing dependency chardet added.

1.0.0

* improved JavaScript metadata search and evaluation.
* new command `bom granularity` to check a bill of material for potential component granularity issues.
* `getdependencies nuget` now also handles Visual Studio solution files.
* `getdependencies javascript` is more flexible about missing information.
* new feature `bom diff` to compare two bills of material.
* new feature `bom merge` to merge two bills of material.
* the exit code is only displayed when the `-ex` option has been specified.

0.9.9

* `project prerequisites`: if a BOM with "SourceFileHash" entries is provided as input, verify the SHA1s of the sources. It also checks that there is exactly one source file per release.
* new command `bom createReleases` to limit automation to the creation of new releases in components identified via package-urls (see [example.md](example.md)).
* `bom map`: full support for searching components and releases by package-url (purl) in `--nocache` as well as in default mode.
* `bom map`: leave the original item in the BOM if no good release match was found, and include "ComponentId" if we know it for sure (e.g. match by purl).

0.9.8.1

* due to a breaking change in the SW360 REST API: `downloadurl` has been replaced by `sourceCodeDownloadurl`.

0.9.8

* check_prerequisites.py: better handling of missing keys

0.9.7

* fixed bug that crashed capycli if -old-version param was missing
