Add SPDX JSON Format object

[wagoodman]

Partially addresses anchore/grype#395

Continues on with the format pattern introduced in #550 with the spdx22json format. This is the same implementation that existed with the presenters, but additionally:

• includes decoding capabilities
• packs in extra syft-specific info into syftData* fields

Additional work also done:

• migrated SPDX helpers under the formats package and split up the implementation into separate files

Open questions:

• Do we like the idea of spdxjson format being lossless relative to the syftjson format via additional syftData* objects? or is this going too far? (or is there a compromise?)

[github-actions]

Benchmark Test Results

Benchmark results from the latest changes vs base branch

name                                                   old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2          1.06ms ± 1%    1.04ms ± 5%    ~     (p=0.151 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2        1.85ms ± 6%    1.79ms ± 1%    ~     (p=0.056 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2     519µs ± 2%     507µs ± 2%  -2.41%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                 525µs ± 0%     516µs ± 3%    ~     (p=0.310 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                  529µs ± 1%     520µs ± 2%    ~     (p=0.056 n=5+5)
ImagePackageCatalogers/java-cataloger-2                  11.1ms ± 2%    10.5ms ± 2%  -6.22%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                  844µs ± 3%     805µs ± 3%  -4.68%  (p=0.032 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2       749ns ± 1%     726ns ± 2%  -3.12%  (p=0.008 n=5+5)

name                                                   old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2           146kB ± 0%     146kB ± 0%  +0.26%  (p=0.008 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2         754kB ± 0%     755kB ± 0%  +0.09%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2     119kB ± 0%     119kB ± 0%    ~     (p=0.690 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                 132kB ± 0%     133kB ± 0%  +0.10%  (p=0.032 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                  140kB ± 0%     140kB ± 0%  -0.01%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                  2.75MB ± 0%    2.75MB ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                 1.18MB ± 0%    1.18MB ± 0%    ~     (p=0.222 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2        336B ± 0%      336B ± 0%    ~     (all equal)

name                                                   old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2           2.41k ± 0%     2.41k ± 0%    ~     (all equal)
ImagePackageCatalogers/python-package-cataloger-2         9.58k ± 0%     9.58k ± 0%    ~     (p=0.286 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2     1.99k ± 0%     1.99k ± 0%    ~     (all equal)
ImagePackageCatalogers/dpkgdb-cataloger-2                 2.54k ± 0%     2.54k ± 0%    ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                  3.25k ± 0%     3.25k ± 0%    ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                   37.5k ± 0%     37.5k ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                  2.49k ± 0%     2.49k ± 0%    ~     (p=0.167 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2        9.00 ± 0%      9.00 ± 0%    ~     (all equal)

[wagoodman]

I'm going to close this for now and open up a new branch that does not leverage any syft-specific property bags. This is to help move the format pattern forward without making any changes in what's expressed in any format we support today.