Add support for dynamic component pedigree

[stevespringett]

For components that a development team knows are modified, CycloneDX CLI should ideally be able to reach out into the VCS (git) and retrieve the commits that make a modified version unique.

This ticket is specific to component/pedigree/ancestors and component/pedigree/commits. Automated support for patches and resolves are outside the scope of this ticket.

Given the bom-ref of a modified component (and possibly the purl of the original component) the CLI should be able to construct the ancestors node and retrieve all commits and attach the pedigree node to the component.

This ticket was created as a result of a Slack conversation.

This ticket is related to #14.

[coderpatros]

This would be really cool. But how would it work?

Would the user provide the hash for the upstream commit they made their subsequent changes from?

[stevespringett]

Would the user provide the hash for the upstream commit they made their subsequent changes from?

My thought is either commit hash to the tag name

[jkowalleck]

in other systems i've seen tings like v1.33.7+5278b9229bb058e66a74c00dc9e53604918d94b0 which derived from the latest version tag in the git history. and since the HEAD was not tagged, an additional +<git-node-id_of_HEAD> was added.